Lucene search

FacebookCVE-2021-24042

HistoryJan 04, 2022 - 7:15 p.m.

CVE-2021-24042

2022-01-0419:15:14

CWE-787

CWE-122

facebook

web.nvd.nist.gov

3247

cve-2021-24042

android

ios

kaios

security

vulnerability

out-of-bounds write

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

44.1%

JSON

The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor.

Affected configurations

Nvd

Node

whatsappwhatsappRange<2.21.23android-

whatsappwhatsappRange<2.21.23businessandroid

whatsappwhatsappRange<2.21.230iphone_os-

whatsappwhatsappRange<2.21.230businessiphone_os-

whatsappwhatsappRange<2.2143kaios

whatsappwhatsappRange<2.2146desktop-

VendorProductVersionCPE
whatsappwhatsapp*cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:-:*
whatsappwhatsapp*cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:business:android:*:*
whatsappwhatsapp*cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:iphone_os:-:*
whatsappwhatsapp*cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:business:iphone_os:-:*
whatsappwhatsapp*cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:kaios:*:*
whatsappwhatsapp*cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:desktop:-:*:*

Vendor	Product	Version	CPE
whatsapp	whatsapp	*	cpe:2.3:a:whatsapp:whatsapp::::::android:-:
whatsapp	whatsapp	*	cpe:2.3:a:whatsapp:whatsapp:::::business:android::
whatsapp	whatsapp	*	cpe:2.3:a:whatsapp:whatsapp::::::iphone_os:-:
whatsapp	whatsapp	*	cpe:2.3:a:whatsapp:whatsapp:::::business:iphone_os:-:*
whatsapp	whatsapp	*	cpe:2.3:a:whatsapp:whatsapp::::::kaios::*
whatsapp	whatsapp	*	cpe:2.3:a:whatsapp:whatsapp:::::desktop:-::

CNA Affected

[
  {
    "product": "WhatsApp Desktop",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "v2.2146",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "v2.2146",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WhatsApp for KaiOS",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "v2.2143",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "v2.2143",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WhatsApp Business for iOS",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "v2.21.230",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "v2.21.230",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WhatsApp for iOS",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "v2.21.230",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "v2.21.230",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WhatsApp Business for Android",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "v2.21.23",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "v2.21.23",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WhatsApp for Android",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "v2.21.23",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "v2.21.23",
        "versionType": "custom"
      }
    ]
  }
]

References

www.whatsapp.com/security/advisories/2021/

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

44.1%

JSON

Related for CVE-2021-24042