CVE-2020-1891

Summary

A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices.

Affected Software

VendorProductVersion RangeStatus
FacebookWhatsApp Android2.20.17affected
FacebookWhatsApp Androidunspecified < 2.20.17affected
FacebookWhatsApp Business for Android2.20.7affected
FacebookWhatsApp Business for Androidunspecified < 2.20.7affected
FacebookWhatsApp iPhone2.20.20affected
FacebookWhatsApp iPhoneunspecified < 2.20.20affected
FacebookWhatsApp Business for iPhone2.20.20affected
FacebookWhatsApp Business for iPhoneunspecified < 2.20.20affected

Weaknesses

  • CWE-787: Out-of-bounds Write (CWE-787)

ADP Enrichment

CVE Program Container

Additional References

References