CVE-2021-24026
CRITICALWhatsApp < 2.21.3 and WhatsApp Business < 2.21.32 - Out-of-bounds Write in Audio Decoding Pipeline
Title source: llmDescription
A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.whatsapp.com/security/advisories/2021/
Scores
CVSS v3
9.8
EPSS
0.0141
EPSS Percentile
69.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (3)
whatsapp/whatsapp
< 2.21.3 (2 CPE variants)
whatsapp/whatsapp_business
< 2.21.3
whatsapp/whatsapp_business
< 2.21.32
Published
Apr 06, 2021
Tracked Since
Feb 18, 2026