CVE-2018-6344 is a vulnerability in WhatsApp
Published on December 31, 2018
A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172.
Vulnerability Analysis
CVE-2018-6344 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2018-6344
Want to know whenever a new CVE is published for WhatsApp? stack.watch will email you.
Affected Versions
Facebook WhatsApp for Android:- Version 2.18.293 is affected.
- Version unspecified and below 2.18.293 is affected.
- Version 2.18.93 is affected.
- Version unspecified and below 2.18.93 is affected.
- Version 2.18.172 is affected.
- Version unspecified and below 2.18.172 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.