9.1

CVE-2021-24043

EPSS 0.57%
Veröffentlicht 02.02.2022 12:15:07
Zuletzt bearbeitet 21.11.2024 05:52:16
Quelle cve-assign@fb.com
Teams Watchlist Login
Unerledigt Login

A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

WhatsApp ≫ WhatsApp Version2.21.23.2 SwPlatformandroid

WhatsApp ≫ WhatsApp Version2.21.230.6 SwPlatformiphone_os

WhatsApp ≫ WhatsApp Version2.2145.0 SwEditiondesktop

WhatsApp ≫ WhatsApp Business Version2.21.23.2 SwPlatformandroid

WhatsApp ≫ WhatsApp Business Version2.21.230.7 SwPlatformiphone_os

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.57%	0.675

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:N/A:P

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://www.whatsapp.com/security/advisories/2021/

Vendor Advisory

Not Applicable

https://www.whatsapp.com/security/advisories/2022/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-24043

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-24043

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-24043

EUVD