CVE-2019-3568

Published May 14, 2019

Last updated 16 days ago

Exploit known CVSS critical 9.8

Overview

Description: A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
Source: cve-assign@fb.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Known exploits

Data from CISA

Vulnerability name: WhatsApp VOIP Stack Buffer Overflow Vulnerability
Exploit added on: Apr 19, 2022
Exploit action due: May 10, 2022
Required action: Apply updates per vendor instructions.

Weaknesses

cve-assign@fb.com: CWE-122
nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:tizen:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49A0C7E5-1C25-4EA2-9436-A7922ACACB9B",
            "versionEndExcluding": "2.18.15"
          },
          {
            "criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:windows_phone:*:*",
            "vulnerable": true,
            "matchCriteriaId": "449816D3-570F-47D7-A70D-9351A4A6F190",
            "versionEndExcluding": "2.18.348"
          },
          {
            "criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:business:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40408328-5F07-4AF3-A7A5-231D6EB05E9F",
            "versionEndExcluding": "2.19.44"
          },
          {
            "criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:iphone_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84F1BA88-BA43-4857-B4C2-A32FA2937C11",
            "versionEndExcluding": "2.19.51"
          },
          {
            "criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:business:iphone_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C0EFE9B-7E98-40D7-A7CF-789F9E96F876",
            "versionEndExcluding": "2.19.51"
          },
          {
            "criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B36B6FF7-DC69-4A5C-9FE7-EB127E6D0AA1",
            "versionEndExcluding": "2.19.134"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Known exploits

Weaknesses

Social media

Configurations

References