CyberSec.Space Logo
Back to CVE Browser

CVE-2018-20655

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile3.38th
PublishedJun 14, 2019
Last ModifiedSep 3, 2025

Vulnerability Description

When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS prior to v2.18.90.24.

Affected Platforms (CPE)

πŸ“¦
Whatsapp

Whatsapp

< 2.18.90.24
πŸ“¦
Whatsapp

Whatsapp Business

< 2.18.90.24

References & Advisories

πŸ”— http://www.securityfocus.com/bid/108805
πŸ”— https://www.facebook.com/security/advisories/cve-2018-20655/
πŸ”— http://www.securityfocus.com/bid/108805
πŸ”— https://www.facebook.com/security/advisories/cve-2018-20655/

Related Vulnerabilities

CVE-2020-188910.0

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron ...

CVE-2018-63499.8

When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-ba...

CVE-2018-63509.8

An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for ...

CVE-2018-63399.8

When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed ...