CVE-2018-6339 is a vulnerability in WhatsApp
Published on June 14, 2019
When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150.
Weakness Type
What is a Stack Overflow Vulnerability?
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2018-6339 has been classified to as a Stack Overflow vulnerability or weakness.
Products Associated with CVE-2018-6339
Want to know whenever a new CVE is published for WhatsApp? stack.watch will email you.
Affected Versions
Facebook WhatsApp for Android:- Version 2.18.295 is affected.
- Version 2.18.180 and below unspecified is affected.
- Version unspecified and below 2.18.180 is unaffected.
- Version 2.18.150 is affected.
- Version 2.18.103 and below unspecified is affected.
- Version unspecified and below 2.18.103 is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.