9.8
CVE-2019-3568
- EPSS 36.03%
- Veröffentlicht 14.05.2019 20:29:03
- Zuletzt bearbeitet 03.09.2025 17:36:53
- Quelle cve-assign@fb.com
- Teams Watchlist Login
- Unerledigt Login
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WhatsApp ≫ WhatsApp Business SwPlatformandroid Version < 2.19.44
WhatsApp ≫ WhatsApp Business SwPlatformiphone_os Version < 2.19.51
19.04.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
WhatsApp VOIP Stack Buffer Overflow Vulnerability
SchwachstelleA buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 36.03% | 0.97 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.