CVE-2018-6339

Summary

When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150.

Affected Software

VendorProductVersion RangeStatus
FacebookWhatsApp for Android2.18.295affected
FacebookWhatsApp for Android2.18.180 < unspecifiedaffected
FacebookWhatsApp for Androidunspecified < 2.18.180unaffected
FacebookWhatsApp Business for Android2.18.150affected
FacebookWhatsApp Business for Android2.18.103 < unspecifiedaffected
FacebookWhatsApp Business for Androidunspecified < 2.18.103unaffected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow (CWE-121)

ADP Enrichment

CVE Program Container

Additional References

References