CyberSec.Space Logo
Back to CVE Browser

CVE-2018-6349

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1780%
EPSS Percentile7.64th
PublishedJun 14, 2019
Last ModifiedSep 3, 2025

Vulnerability Description

When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for Android prior to 2.18.248 and WhatsApp Business for Android prior to 2.18.132.

Affected Platforms (CPE)

πŸ“¦
Whatsapp

Whatsapp

< 2.18.248
πŸ“¦
Whatsapp

Whatsapp Business

< 2.18.132

References & Advisories

πŸ”— http://www.securityfocus.com/bid/108804
πŸ”— https://www.facebook.com/security/advisories/cve-2018-6349/
πŸ”— http://www.securityfocus.com/bid/108804
πŸ”— https://www.facebook.com/security/advisories/cve-2018-6349/

Related Vulnerabilities

CVE-2020-188910.0

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron ...

CVE-2018-63399.8

When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed ...

CVE-2018-63509.8

An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for ...

CVE-2018-206559.8

When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based ...