CVE-2021-24042

CVSS 9.8 CRITICALEPSS 1.2%CWE-122 CWE-787

The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Facebook · WhatsApp Business for Android Facebook · WhatsApp Business for iOS Facebook · WhatsApp Desktop Facebook · WhatsApp for Android Facebook · WhatsApp for iOS Facebook · WhatsApp for KaiOS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.whatsapp.com/security/advisories/2021/