CVE-2021-24043
Last modified
CVE-2021-24043 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call.. EPSS estimates a 1.12% chance of exploitation in the next 30 days.
Description
A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| 2.21.23.2 | ||
| 2.21.230.6 | ||
| 2.2145.0 | ||
| Whatsapp Business | 2.21.23.2 | |
| Whatsapp Business | 2.21.230.7 |
References
- https://www.whatsapp.com/security/advisories/2021/Not Applicable, Vendor Advisory
- https://www.whatsapp.com/security/advisories/2022/Vendor Advisory
- https://www.whatsapp.com/security/advisories/2021/Not Applicable, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-24043?
How severe is CVE-2021-24043?
How do I fix CVE-2021-24043?
Are you affected by CVE-2021-24043?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST