PT-2022-9434 · Facebook · Whatsapp For Ios+4

Published

2022-01-04

Updated

2022-01-14

CVE-2021-24042

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WhatsApp for Android versions prior to 2.21.23 WhatsApp Business for Android versions prior to 2.21.23 WhatsApp for iOS versions prior to 2.21.230 WhatsApp Business for iOS versions prior to 2.21.230 WhatsApp for KaiOS versions prior to 2.2143 WhatsApp Desktop versions prior to 2.2146

Description The issue could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor.

Recommendations For WhatsApp for Android versions prior to 2.21.23, update to version 2.21.23 or later. For WhatsApp Business for Android versions prior to 2.21.23, update to version 2.21.23 or later. For WhatsApp for iOS versions prior to 2.21.230, update to version 2.21.230 or later. For WhatsApp Business for iOS versions prior to 2.21.230, update to version 2.21.230 or later. For WhatsApp for KaiOS versions prior to 2.2143, update to version 2.2143 or later. For WhatsApp Desktop versions prior to 2.2146, update to version 2.2146 or later.

Fix

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

CVE-2021-24042

Affected Products

Whatsapp Business For Android

Whatsapp Business For Ios

Whatsapp Desktop

Whatsapp For Android

Whatsapp For Ios

PT-2022-9434 · Facebook · Whatsapp For Ios+4

CVE-2021-24042

Weakness Enumeration

Related Identifiers

Affected Products

References · 4