CVE-2020-1903
MEDIUMWhatsApp and WhatsApp Business < 2.20.61 - Denial of Service via Malicious Office Document Unzipping
Title source: llmDescription
An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. This issue would have required the receiver to explicitly open the attachment if it was received from a number not in the receiver's WhatsApp contacts.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.whatsapp.com/security/advisories/2020/
Scores
CVSS v3
5.5
EPSS
0.0065
EPSS Percentile
46.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (2)
whatsapp/whatsapp
< 2.20.61
whatsapp/whatsapp_business
< 2.20.61
Published
Oct 06, 2020
Tracked Since
Feb 18, 2026