← Zuruck zu CVEs

CVE-2019-3568

CRITICALCISA KEV

9.8

Beschreibung

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht5/14/2019

Zuletzt geandert10/24/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerMeta Platforms

ProduktWhatsApp

SchwachstellennameWhatsApp VOIP Stack Buffer Overflow Vulnerability

KEV Aufnahmedatum2022-04-19

Behebungsfrist2022-05-10

Ransomware-NutzungUnknown

Betroffene Produkte

whatsapp:whatsappwhatsapp:whatsapp_business

Schwachen (CWE)

CWE-122CWE-787

Referenzen

http://www.securityfocus.com/bid/108329(cve-assign@fb.com)

https://www.facebook.com/security/advisories/cve-2019-3568(cve-assign@fb.com)

http://www.securityfocus.com/bid/108329(af854a3a-2127-422b-91ae-364da2661108)

https://www.facebook.com/security/advisories/cve-2019-3568(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3568(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.