CVE-2021-24043

Published: Feb 2, 2022Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call.

Affected (5)

Products: Whatsapp: Whatsapp, Whatsapp Business

2 products

Whatsapp Business

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Whatsapp Whatsapp	Version 2.21.23.2
Whatsapp Whatsapp	Version 2.21.230.6
Whatsapp Whatsapp	Version 2.2145.0
Whatsapp Whatsapp Business	Version 2.21.23.2
Whatsapp Whatsapp Business	Version 2.21.230.7

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (3)

https://www.whatsapp.com/security/advisories/2021/

Source: cve-assign@fb.com

Not ApplicableVendor Advisory

https://www.whatsapp.com/security/advisories/2022/

Source: nvd@nist.gov

Vendor Advisory

https://www.whatsapp.com/security/advisories/2021/

Source: af854a3a-2127-422b-91ae-364da2661108

Not ApplicableVendor Advisory

Timeline

No history available yet.