CVE-2021-24026

2021-04-0616:45:15

CWE-787

facebook

www.cve.org

9.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.7%

JSON

A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.

CNA Affected

[
  {
    "product": "WhatsApp Business for iOS",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "v2.21.32",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WhatsApp for iOS",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "v2.21.32",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WhatsApp Business for Android",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "v2.21.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WhatsApp for Android",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "v2.21.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.whatsapp.com/security/advisories/2021/