CVE-2018-6349

Summary

When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for Android prior to 2.18.248 and WhatsApp Business for Android prior to 2.18.132.

Affected Software

VendorProductVersion RangeStatus
FacebookWhatsApp for Android2.18.248affected
FacebookWhatsApp for Androidunspecified < 2.18.248affected
FacebookWhatsApp Business for Android2.18.132affected
FacebookWhatsApp Business for Androidunspecified < 2.18.132affected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow (CWE-121)

ADP Enrichment

CVE Program Container

Additional References

References