Lucene search

[email protected]CVE-2023-38538

HistoryOct 04, 2023 - 8:15 p.m.

CVE-2023-38538

2023-10-0420:15:10

CWE-362

[email protected]

web.nvd.nist.gov

cve-2023-38538

race condition

event subsystem

heap use-after-free

audio/video calls

nvd

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

5.1 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.

Affected configurations

NVD

Node

whatsappwhatsappRange<2.2320.2desktopwindows

CPENameOperatorVersion
whatsapp:whatsappwhatsapplt2.2320.2

CPE	Name	Operator	Version
whatsapp:whatsapp	whatsapp	lt	2.2320.2

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "WhatsApp Desktop for Mac",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "2.2338.12",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "WhatsApp Desktop for Windows",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "2.2320.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "WhatsApp Business for iOS",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "2.23.10.77",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "WhatsApp for iOS",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "2.23.10.77",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "WhatsApp Business for Android",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "2.23.10.77",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "WhatsApp for Android",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "2.23.10.77",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

www.whatsapp.com/security/advisories/2023/