CVE-2020-1894

Summary

A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk message.

Affected Software

VendorProductVersion RangeStatus
FacebookWhatsApp Android2.20.35affected
FacebookWhatsApp Androidunspecified < 2.20.35affected
FacebookWhatsApp Business for Android2.20.20affected
FacebookWhatsApp Business for Androidunspecified < 2.20.20affected
FacebookWhatsApp iPhone2.20.30affected
FacebookWhatsApp iPhoneunspecified < 2.20.30affected
FacebookWhatsApp Business for iPhone2.20.30affected
FacebookWhatsApp Business for iPhoneunspecified < 2.20.30affected

Weaknesses

  • CWE-787: Out-of-bounds Write (CWE-787)

ADP Enrichment

CVE Program Container

Additional References

References