CVE-2018-6339
Last modified
CVE-2018-6339 is a vulnerability of currently unknown severity. When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. EPSS estimates a 1.54% chance of exploitation in the next 30 days.
Description
When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| >= 2.18.180, < 2.18.295 | ||
| Whatsapp Business | >= 2.18.103, < 2.18.150 |
References
- https://www.facebook.com/security/advisories/cve-2018-6339/Third Party Advisory
- https://www.facebook.com/security/advisories/cve-2018-6339/Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-6339?
How severe is CVE-2018-6339?
How do I fix CVE-2018-6339?
Are you affected by CVE-2018-6339?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST