CVE-2021-24043

CRITICAL

WhatsApp and WhatsApp Business - Out-of-bounds Read in RTCP Flag Parsing

Title source: llm
STIX 2.1

Description

A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call.

References (2)

Core 2
Core References
Not Applicable, Vendor Advisory x_refsource_confirm
https://www.whatsapp.com/security/advisories/2021/

Scores

CVSS v3 9.1
EPSS 0.0112
EPSS Percentile 62.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Details

CWE
CWE-125
Status published
Products (5)
whatsapp/whatsapp 2.21.23.2
whatsapp/whatsapp 2.21.230.6
whatsapp/whatsapp 2.2145.0
whatsapp/whatsapp_business 2.21.23.2
whatsapp/whatsapp_business 2.21.230.7
Published Feb 02, 2022
Tracked Since Feb 18, 2026