Description
A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106365
Scores
CVSS v3
7.5
EPSS
0.0056
EPSS Percentile
68.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-122
CWE-787
Status
published
Products (3)
whatsapp/whatsapp
< 2.18.172
whatsapp/whatsapp
< 2.18.293
whatsapp/whatsapp
< 2.18.93
Published
Dec 31, 2018
Tracked Since
Feb 18, 2026