CVE-2018-6344
Description
A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Heap corruption in WhatsApp's RTP handling allows denial of service via malformed packet after call setup.
Vulnerability
A heap corruption vulnerability exists in WhatsApp's handling of Real-time Transport Protocol (RTP) packets. The bug resides in the PJSIP-based video conferencing implementation, specifically in the transport_send_rtp2 function within libwhatsapp.so. When a malformed RTP packet is sent after a call is established, the memcpy operation that copies the unencrypted packet before encryption can corrupt heap memory. This affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172 [1].
Exploitation
An attacker must be in a position to send network packets to a WhatsApp client after a call has been established. No authentication or user interaction beyond accepting the call is required. The attacker crafts a malformed RTP packet and transmits it to the target device. The vulnerable code path is triggered when the packet is processed, leading to a heap corruption [1].
Impact
Successful exploitation results in a denial of service (DoS) condition. The heap corruption can cause the WhatsApp application to crash or become unresponsive. The vulnerability does not appear to allow arbitrary code execution or information disclosure based on the available references [1].
Mitigation
WhatsApp released fixed versions: Android v2.18.293, iOS v2.18.93, and Windows Phone v2.18.172. Users should update their WhatsApp application to the latest version. No workarounds are available for unpatched versions [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4
- Range: 2.18.293
2.18.93 + 1 more
- (no CPE) range: 2.18.93
- (no CPE) range: 2.18.172
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/106365 (mitre; vdb-entry, x_refsource_BID)
- googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html (mitre; x_refsource_MISC)