CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-3568

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score61.1920%
EPSS Percentile98.70th
Published2019年5月14日
Last Modified2025年10月24日

Vulnerability Description

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

Affected Platforms (CPE)

📦
Whatsapp

Whatsapp

< 2.18.15
📦
Whatsapp

Whatsapp

< 2.18.348
📦
Whatsapp

Whatsapp

< 2.19.51
📦
Whatsapp

Whatsapp

< 2.19.134
📦
Whatsapp

Whatsapp Business

< 2.19.44
📦
Whatsapp

Whatsapp Business

< 2.19.51

References & Advisories

🔗 http://www.securityfocus.com/bid/108329
🔗 https://www.facebook.com/security/advisories/cve-2019-3568
🔗 http://www.securityfocus.com/bid/108329
🔗 https://www.facebook.com/security/advisories/cve-2019-3568
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3568

関連する脆弱性情報

CVE-2020-188910.0

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron ...

CVE-2018-63399.8

When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed ...

CVE-2018-63499.8

When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-ba...

CVE-2018-206559.8

When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based ...