Vulnerability Description
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| < 2.18.15 | ||
| Whatsapp Business | < 2.19.44 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108329Broken LinkThird Party AdvisoryVDB Entry
- https://www.facebook.com/security/advisories/cve-2019-3568Third Party Advisory
- http://www.securityfocus.com/bid/108329Broken LinkThird Party AdvisoryVDB Entry
- https://www.facebook.com/security/advisories/cve-2019-3568Third Party Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-US Government Resource
FAQ
What is CVE-2019-3568?
CVE-2019-3568 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android ...
How severe is CVE-2019-3568?
CVE-2019-3568 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-3568?
Check the references section above for vendor advisories and patch information. Affected products include: Whatsapp Whatsapp, Whatsapp Whatsapp Business.