9.1

CVE-2021-24043

EPSS 0.57%
Published 02.02.2022 12:15:07
Last modified 21.11.2024 05:52:16
Source cve-assign@fb.com
Teams watchlist Login
Open Login

A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

WhatsApp ≫ WhatsApp Version2.21.23.2 SwPlatformandroid

WhatsApp ≫ WhatsApp Version2.21.230.6 SwPlatformiphone_os

WhatsApp ≫ WhatsApp Version2.2145.0 SwEditiondesktop

WhatsApp ≫ WhatsApp Business Version2.21.23.2 SwPlatformandroid

WhatsApp ≫ WhatsApp Business Version2.21.230.7 SwPlatformiphone_os

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.57%	0.675

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:N/A:P

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://www.whatsapp.com/security/advisories/2021/

Vendor Advisory

Not Applicable

https://www.whatsapp.com/security/advisories/2022/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-24043

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-24043

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-24043

EUVD