VYPR

WhatsApp for Android

by Whatsapp

CVEs (14)

  • CVE-2021-24041CriDec 7, 2021
    risk 0.64cvss 9.8epss 0.01

    A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image.

  • CVE-2021-24026CriApr 6, 2021
    risk 0.64cvss 9.8epss 0.01

    A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an…

  • CVE-2020-1907CriOct 6, 2020
    risk 0.64cvss 9.8epss 0.02

    A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary…

  • CVE-2021-24043CriFeb 2, 2022
    risk 0.59cvss 9.1epss 0.01

    A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if…

  • CVE-2021-24035CriJun 11, 2021
    risk 0.59cvss 9.1epss 0.01

    A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.

  • CVE-2020-1894HigSep 3, 2020
    risk 0.57cvss 8.8epss 0.02

    A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially…

  • CVE-2020-1886HigSep 3, 2020
    risk 0.57cvss 8.8epss 0.01

    A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after receiving and answering a malicious video call.

  • CVE-2020-1910HigFeb 2, 2021
    risk 0.51cvss 7.8epss 0.05

    A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image.

  • CVE-2020-1906HigOct 6, 2020
    risk 0.51cvss 7.8epss 0.00

    A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams.

  • CVE-2021-24027HigApr 6, 2021
    risk 0.49cvss 7.5epss 0.04

    A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material.

  • CVE-2020-1902HigOct 6, 2020
    risk 0.49cvss 7.5epss 0.01

    A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP.

  • CVE-2020-1890HigSep 3, 2020
    risk 0.49cvss 7.5epss 0.01

    A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction.

  • CVE-2019-3566MedMay 10, 2019
    risk 0.38cvss 5.9epss 0.01

    A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not…

  • CVE-2020-1905LowOct 6, 2020
    risk 0.22cvss 3.3epss 0.01

    Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the…