Main Vulnerability Database Vulnerabilities #VU35829

Buffer overflow in WhatsApp Messenger for Android - CVE-2018-6339

Published: June 14, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35829

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-6339

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: WhatsApp

Affected software:
WhatsApp Messenger for Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150.

How to mitigate CVE-2018-6339

Install update from vendor's website.

Sources

https://www.facebook.com/security/advisories/cve-2018-6339/

Buffer overflow in WhatsApp Messenger for Android - CVE-2018-6339

Detailed vulnerability description

How to mitigate CVE-2018-6339

Sources

Please verify you're human