CVE-2020-1903 vulnerability in WhatsApp Products
Published on October 6, 2020
An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. This issue would have required the receiver to explicitly open the attachment if it was received from a number not in the receiver's WhatsApp contacts.
Weakness Type
What is a Resource Exhaustion Vulnerability?
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2020-1903 has been classified to as a Resource Exhaustion vulnerability or weakness.
Products Associated with CVE-2020-1903
stack.watch emails you whenever new vulnerabilities are published in WhatsApp or Whatsapp Business. Just hit a watch button to start following.
Affected Versions
Facebook WhatsApp for iOS:- Version 2.20.61 is affected.
- Version unspecified and below 2.20.61 is affected.
- Version 2.20.61 is affected.
- Version unspecified and below 2.20.61 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.