CVE-2021-24026

CRITICAL

WhatsApp < 2.21.3 and WhatsApp Business < 2.21.32 - Out-of-bounds Write in Audio Decoding Pipeline

Title source: llm
STIX 2.1

Description

A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.whatsapp.com/security/advisories/2021/

Scores

CVSS v3 9.8
EPSS 0.0141
EPSS Percentile 69.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (3)
whatsapp/whatsapp < 2.21.3 (2 CPE variants)
whatsapp/whatsapp_business < 2.21.3
whatsapp/whatsapp_business < 2.21.32
Published Apr 06, 2021
Tracked Since Feb 18, 2026