9.8
CVE-2019-3568
- EPSS 36.03%
- Published 14.05.2019 20:29:03
- Last modified 03.09.2025 17:36:53
- Source cve-assign@fb.com
- Teams watchlist Login
- Open Login
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
Data is provided by the National Vulnerability Database (NVD)
WhatsApp ≫ WhatsApp Business SwPlatformandroid Version < 2.19.44
WhatsApp ≫ WhatsApp Business SwPlatformiphone_os Version < 2.19.51
19.04.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
WhatsApp VOIP Stack Buffer Overflow Vulnerability
VulnerabilityA buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 36.03% | 0.97 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.