Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Whatsapp Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 15 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-24043 1 Whatsapp 2 Whatsapp, Whatsapp Business 2022-02-07 6.4 MEDIUM 9.1 CRITICAL
A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call.
CVE-2021-24042 1 Whatsapp 1 Whatsapp 2022-01-14 7.5 HIGH 9.8 CRITICAL
The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor.
CVE-2021-24041 1 Whatsapp 2 Whatsapp, Whatsapp Business 2021-12-08 7.5 HIGH 9.8 CRITICAL
A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image.
CVE-2020-1889 1 Whatsapp 1 Whatsapp Desktop 2021-09-14 7.5 HIGH 10.0 CRITICAL
A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process.
CVE-2019-11933 2 Libpl Droidsonroids Gif Project, Whatsapp 2 Libpl Droidsonroids Gif, Whatsapp 2021-09-14 7.5 HIGH 9.8 CRITICAL
A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to execute arbitrary code or cause a denial of service.
CVE-2021-24035 1 Whatsapp 1 Whatsapp 2021-06-21 6.4 MEDIUM 9.1 CRITICAL
A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.
CVE-2021-24026 1 Whatsapp 2 Whatsapp, Whatsapp Business 2021-04-15 10.0 HIGH 9.8 CRITICAL
A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.
CVE-2020-1909 1 Whatsapp 2 Whatsapp, Whatsapp Business 2020-11-06 7.5 HIGH 9.8 CRITICAL
A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold.
CVE-2020-1907 1 Whatsapp 2 Whatsapp, Whatsapp Business 2020-10-15 7.5 HIGH 9.8 CRITICAL
A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header.
CVE-2018-6349 1 Whatsapp 1 Whatsapp 2020-09-21 7.5 HIGH 9.8 CRITICAL
When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for Android prior to 2.18.248 and WhatsApp Business for Android prior to 2.18.132.
CVE-2018-20655 1 Whatsapp 1 Whatsapp 2020-09-18 7.5 HIGH 9.8 CRITICAL
When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS prior to v2.18.90.24.
CVE-2020-1891 1 Whatsapp 2 Whatsapp, Whatsapp Business 2020-09-11 7.5 HIGH 9.8 CRITICAL
A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices.
CVE-2018-6339 1 Whatsapp 1 Whatsapp 2019-10-09 7.5 HIGH 9.8 CRITICAL
When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150.
CVE-2019-3568 1 Whatsapp 1 Whatsapp 2019-08-13 7.5 HIGH 9.8 CRITICAL
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
CVE-2018-6350 1 Whatsapp 1 Whatsapp 2019-06-18 7.5 HIGH 9.8 CRITICAL
An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224.