CRITICAL · 9.8

CVE-2018-6339

Vulnerability Description

When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150.

CVSS Score

9.8 (CRITICAL)

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Whatsapp | Whatsapp | >= 2.18.180, < 2.18.295
Whatsapp | Whatsapp Business | >= 2.18.103, < 2.18.150

Related Weaknesses (CWE)

References

FAQ

What is CVE-2018-6339?

CVE-2018-6339 is a vulnerability with a CVSS score of 9.8 (CRITICAL). When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack.

How severe is CVE-2018-6339?

CVE-2018-6339 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-6339?

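Check the references section above for vendor advisories and patch information. According to the vulnerability description, the issue was fixed in WhatsApp for Android version 2.18.295 and in WhatsApp Business for Android version v2.18.150. Affected products include WhatsApp for Android and WhatsApp Business for Android.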