CyberSec.Space Logo
Back to CVE Browser

CVE-2018-6350

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0610%
EPSS Percentile8.04th
PublishedJun 14, 2019
Last ModifiedSep 3, 2025

Vulnerability Description

An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224.

Affected Platforms (CPE)

πŸ“¦
Whatsapp

Whatsapp

< 2.18.99
πŸ“¦
Whatsapp

Whatsapp

< 2.18.100.6
πŸ“¦
Whatsapp

Whatsapp

< 2.18.224
πŸ“¦
Whatsapp

Whatsapp Business

< 2.18.100.2
πŸ“¦
Whatsapp

Whatsapp Business

< 2.18.276

References & Advisories

πŸ”— http://www.securityfocus.com/bid/108803
πŸ”— https://www.facebook.com/security/advisories/cve-2018-6350/
πŸ”— http://www.securityfocus.com/bid/108803
πŸ”— https://www.facebook.com/security/advisories/cve-2018-6350/

Related Vulnerabilities

CVE-2020-188910.0

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron ...

CVE-2018-63399.8

When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed ...

CVE-2018-63499.8

When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-ba...

CVE-2018-206559.8

When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based ...