CVE-2021-24043

CRITICAL

Whatsapp - Out-of-Bounds Read

Title source: rule

Description

A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call.

References (2)

Core 2

Core References

Not Applicable, Vendor Advisory x_refsource_confirm

https://www.whatsapp.com/security/advisories/2021/

Vendor Advisory

https://www.whatsapp.com/security/advisories/2022/

Scores

CVSS v3 9.1

EPSS 0.0057

EPSS Percentile 68.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Details

CWE

CWE-125

Status published

Products (5)

whatsapp/whatsapp 2.21.23.2

whatsapp/whatsapp 2.21.230.6

whatsapp/whatsapp 2.2145.0

whatsapp/whatsapp_business 2.21.23.2

whatsapp/whatsapp_business 2.21.230.7

Published Feb 02, 2022

Tracked Since Feb 18, 2026