May 14, 2019 - 8:29 p.m.

CVE-2019-3568

2019-05-14 20:29:03
CWE-119
CWE-122
facebook
web.nvd.nist.gov
1146
In Wild
1
whatsapp
voip
buffer overflow
remote code execution
cve-2019-3568
rtcp packets
security vulnerability

CVSS2: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.3
Confidence: High

EPSS: 0.023
Percentile: 89.7%

A buffer overflow vulnerability in the WhatsApp VOIP stack allowed remote code execution via a specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

Affected configurations

Nvd
Node
whatsapp  whatsapp  Range <2.18.15   tizen
OR
whatsapp  whatsapp  Range <2.18.348  windows_phone
OR
whatsapp  whatsapp  Range <2.19.44   business  android
OR
whatsapp  whatsapp  Range <2.19.51   iphone_os
OR
whatsapp  whatsapp  Range <2.19.51   business  iphone_os
OR
whatsapp  whatsapp  Range <2.19.134  android

Vendor    Product   Version  CPE
whatsapp  whatsapp  *        cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:tizen:*:*
whatsapp  whatsapp  *        cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:windows_phone:*:*
whatsapp  whatsapp  *        cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:business:android:*:*
whatsapp  whatsapp  *        cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:iphone_os:*:*
whatsapp  whatsapp  *        cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:business:iphone_os:*:*
whatsapp  whatsapp  *        cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:*

CNA Affected

[
  {
    "product": "WhatsApp for Android",
    "vendor": "Facebook",
    "versions": [
      {
        "status": "affected",
        "version": "2.19.134"
      },
      {
        "lessThan": "2.19.134",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WhatsApp Business for Android",
    "vendor": "Facebook",
    "versions": [
      {
        "status": "affected",
        "version": "2.19.44"
      },
      {
        "lessThan": "2.19.134",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WhatsApp for iOS",
    "vendor": "Facebook",
    "versions": [
      {
        "status": "affected",
        "version": "2.19.51"
      },
      {
        "lessThan": "2.19.51",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WhatsApp Business for iOS",
    "vendor": "Facebook",
    "versions": [
      {
        "status": "affected",
        "version": "2.19.51"
      },
      {
        "lessThan": "2.19.51",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WhatsApp for Windows Phone",
    "vendor": "Facebook",
    "versions": [
      {
        "status": "affected",
        "version": "2.18.348"
      },
      {
        "lessThan": "2.18.348",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WhatsApp for Tizen",
    "vendor": "Facebook",
    "versions": [
      {
        "status": "affected",
        "version": "2.18.15"
      },
      {
        "lessThan": "2.18.15",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
