Unrated severityNVD Advisory· Published Feb 2, 2022· Updated Aug 3, 2024

CVE-2021-24043

Description

A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call.

Affected products

Whatsapp/Whatsappcpe-rescue2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: Android < 2.21.23.2, iOS < 2.21.230.6, Desktop < 2.2145.0
Facebook/WhatsApp Businessllm-fuzzy
Range: Android < 2.21.23.2, iOS < 2.21.230.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.whatsapp.com/security/advisories/2021/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000