CVE-2021-24042
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WhatsApp Desktop | unspecified < v2.2146 | affected | |
| WhatsApp Desktop | v2.2146 < unspecified | unaffected | |
| WhatsApp for KaiOS | unspecified < v2.2143 | affected | |
| WhatsApp for KaiOS | v2.2143 < unspecified | unaffected | |
| WhatsApp Business for iOS | unspecified < v2.21.230 | affected | |
| WhatsApp Business for iOS | v2.21.230 < unspecified | unaffected | |
| WhatsApp for iOS | unspecified < v2.21.230 | affected | |
| WhatsApp for iOS | v2.21.230 < unspecified | unaffected | |
| WhatsApp Business for Android | unspecified < v2.21.23 | affected | |
| WhatsApp Business for Android | v2.21.23 < unspecified | unaffected | |
| WhatsApp for Android | unspecified < v2.21.23 | affected | |
| WhatsApp for Android | v2.21.23 < unspecified | unaffected |
Weaknesses
- CWE-122: Heap-based Buffer Overflow (CWE-122)
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.