CVE-2020-1907

Summary

A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header.

Affected Software

VendorProductVersion RangeStatus
FacebookWhatsApp for Android2.20.196.16affected
FacebookWhatsApp for Androidunspecified < 2.20.196.16affected
FacebookWhatsApp Business for Android2.20.196.12affected
FacebookWhatsApp Business for Androidunspecified < 2.20.196.12affected
FacebookWhatsApp for iOS2.20.90affected
FacebookWhatsApp for iOSunspecified < 2.20.90affected
FacebookWhatsApp Business for iOS2.20.90affected
FacebookWhatsApp Business for iOSunspecified < 2.20.90affected
FacebookWhatsApp for Portal173.0.0.29.505affected
FacebookWhatsApp for Portalunspecified < 173.0.0.29.505affected

Weaknesses

  • CWE-787: CWE-787: Out-of-bounds Write

ADP Enrichment

CVE Program Container

Additional References

References