CVE-2021-24042

Summary

The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor.

Affected Software

VendorProductVersion RangeStatus
FacebookWhatsApp Desktopunspecified < v2.2146affected
FacebookWhatsApp Desktopv2.2146 < unspecifiedunaffected
FacebookWhatsApp for KaiOSunspecified < v2.2143affected
FacebookWhatsApp for KaiOSv2.2143 < unspecifiedunaffected
FacebookWhatsApp Business for iOSunspecified < v2.21.230affected
FacebookWhatsApp Business for iOSv2.21.230 < unspecifiedunaffected
FacebookWhatsApp for iOSunspecified < v2.21.230affected
FacebookWhatsApp for iOSv2.21.230 < unspecifiedunaffected
FacebookWhatsApp Business for Androidunspecified < v2.21.23affected
FacebookWhatsApp Business for Androidv2.21.23 < unspecifiedunaffected
FacebookWhatsApp for Androidunspecified < v2.21.23affected
FacebookWhatsApp for Androidv2.21.23 < unspecifiedunaffected

Weaknesses

  • CWE-122: Heap-based Buffer Overflow (CWE-122)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References