CVE-2019-3568

CRITICAL KEV

Whatsapp < 2.18.15 - Out-of-Bounds Write

Title source: rule

Description

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

References (3)

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/108329

[Third Party Advisory] https://www.facebook.com/security/advisories/cve-2019-3568

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3568

Scores

CVSS v3 9.8

EPSS 0.4737

EPSS Percentile 97.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-04-19

VulnCheck KEV 2019-05-13

InTheWild.io 2019-05-13

ENISA EUVD EUVD-2019-13204

CWE

CWE-122 CWE-787

Status published

Products (6)

whatsapp/whatsapp < 2.18.15

whatsapp/whatsapp < 2.18.348

whatsapp/whatsapp < 2.19.134

whatsapp/whatsapp < 2.19.51

whatsapp/whatsapp_business < 2.19.44

whatsapp/whatsapp_business < 2.19.51

Published May 14, 2019

KEV Added Apr 19, 2022

Tracked Since Feb 18, 2026