CVE-2018-6350

Summary

An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224.

Affected Software

VendorProductVersion RangeStatus
FacebookWhatsApp for Android2.18.276affected
FacebookWhatsApp for Androidunspecified < 2.18.276affected
FacebookWhatsApp Business for Android2.18.99affected
FacebookWhatsApp Business for Androidunspecified < 2.18.99affected
FacebookWhatsApp for iOS2.18.100.6affected
FacebookWhatsApp for iOSunspecified < 2.18.100.6affected
FacebookWhatsApp Business for iOS2.18.100.2affected
FacebookWhatsApp Business for iOSunspecified < 2.18.100.2affected
FacebookWhatsApp for Windows Phone2.18.224affected
FacebookWhatsApp for Windows Phoneunspecified < 2.18.224affected

Weaknesses

  • CWE-125: Out-of-bounds Read (CWE-125)

ADP Enrichment

CVE Program Container

Additional References

References