Vulnerability Description
A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| < 2.18.93 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106365Third Party AdvisoryVDB Entry
- https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-ExploitThird Party Advisory
- http://www.securityfocus.com/bid/106365Third Party AdvisoryVDB Entry
- https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-ExploitThird Party Advisory
FAQ
What is CVE-2018-6344?
CVE-2018-6344 is a vulnerability with a CVSS score of 7.5 (HIGH). A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android ...
How severe is CVE-2018-6344?
CVE-2018-6344 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-6344?
Check the references section above for vendor advisories and patch information. Affected products include: Whatsapp Whatsapp.