Vulnerability Description
An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| < 2.18.99 | ||
| Whatsapp Business | < 2.18.100.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108803
- https://www.facebook.com/security/advisories/cve-2018-6350/Third Party Advisory
- http://www.securityfocus.com/bid/108803
- https://www.facebook.com/security/advisories/cve-2018-6350/Third Party Advisory
FAQ
What is CVE-2018-6350?
CVE-2018-6350 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18...
How severe is CVE-2018-6350?
CVE-2018-6350 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-6350?
Check the references section above for vendor advisories and patch information. Affected products include: Whatsapp Whatsapp, Whatsapp Whatsapp Business.