CVE-2021-24042

Published: Jan 4, 2022Modified: May 22, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor.

Affected (6)

Products: Whatsapp: Whatsapp

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Whatsapp Whatsapp	Before 2.21.23
Whatsapp Whatsapp	Before 2.21.230
Whatsapp Whatsapp	Before 2.2143
Whatsapp Whatsapp	Before 2.21.23
Whatsapp Whatsapp	Before 2.21.230
Whatsapp Whatsapp	Before 2.2146

Related CWEs

CWE-122

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.whatsapp.com/security/advisories/2021/

Source: cve-assign@fb.com

Not ApplicableVendor Advisory

https://www.whatsapp.com/security/advisories/2021/

Source: af854a3a-2127-422b-91ae-364da2661108

Not ApplicableVendor Advisory

Timeline

No history available yet.