CVE-2018-6339
CRITICAL
WhatsApp 2.18.180-2.18.294 and WhatsApp Business 2.18.103-2.18.149 - Stack-Based Buffer Overflow
Title source: llm
Description
When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://www.facebook.com/security/advisories/cve-2018-6339/
Scores
CVSS v3
9.8
EPSS
0.0154
EPSS Percentile
71.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
CWE-121
Status
published
Products (2)
whatsapp/whatsapp
2.18.180 - 2.18.295
whatsapp/whatsapp_business
2.18.103 - 2.18.150
Published
Jun 14, 2019
Tracked Since
Feb 18, 2026