Heap UAF via race in network transport for AV calls
CVE-2023-38537 Published on October 4, 2023
A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.
Products Associated with CVE-2023-38537
Affected Versions
Facebook WhatsApp Desktop for Mac:
- Before 2.2338.12 is affected.
- Before 2.2320.2 is affected.
- Before 2.23.10.77 is affected.
- Before 2.23.10.77 is affected.
- Before 2.23.10.77 is affected.
- Before 2.23.10.77 is affected.
Exploit Probability
EPSS: 0.11%
Percentile: 29.70%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.