CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-6339

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1030%
EPSS Percentile29.29th
Published2019年6月14日
Last Modified2025年9月3日

Vulnerability Description

When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150.

Affected Platforms (CPE)

📦
Whatsapp

Whatsapp

>= 2.18.180 and < 2.18.295
📦
Whatsapp

Whatsapp Business

>= 2.18.103 and < 2.18.150

References & Advisories

🔗 https://www.facebook.com/security/advisories/cve-2018-6339/
🔗 https://www.facebook.com/security/advisories/cve-2018-6339/

相关漏洞威胁

CVE-2020-188910.0

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron ...

CVE-2018-63499.8

When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-ba...

CVE-2018-63509.8

An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for ...

CVE-2018-206559.8

When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based ...