WhatsApp CVEs for January 2022

Daniel Sommermann 2022-01-31 11:40:34 -08:00
parent 616d0cac65
commit 1e66ee5f47
No known key found for this signature in database
GPG Key ID: C89A82E09BA73BB0
2 changed files with 128 additions and 18 deletions


@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlx, and pptx files as attachments to messages."
"value": "A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages."
}
]
},


@ -1,18 +1,128 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24043",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2021-11-09",
"ID": "CVE-2021-24043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "WhatsApp Desktop",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "v2.2145.0"
},
{
"version_affected": "!>=",
"version_value": "v2.2145.0"
}
]
}
},
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "v2.21.23.2"
},
{
"version_affected": "!>=",
"version_value": "v2.21.23.2"
}
]
}
},
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "v2.21.230.7"
},
{
"version_affected": "!>=",
"version_value": "v2.21.230.7"
}
]
}
},
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "v2.21.230.6"
},
{
"version_affected": "!>=",
"version_value": "v2.21.230.6"
}
]
}
},
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.21.23.2"
},
{
"version_affected": "!>=",
"version_value": "2.21.23.2"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.whatsapp.com/security/advisories/2021/",
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
]
}
}
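Review bot: The two `version_value` entries for WhatsApp Business for Android are written `"version_value": "2.21.23.2"`, without the `v` prefix that every other product in this record carries, and the description likewise names "WhatsApp Business for iOS 2.21.230.7" without it. Vulnerability-management tooling that matches affected versions by string comparison may treat that product differently from the rest, so I would use `"version_value": "v2.21.23.2"` in both entries and `v2.21.230.7` in the description. The description value also ends with a stray space before the closing quote, which is worth trimming. The only reference is the year-level advisories page, and nothing in the record says which entry on that page corresponds to this CVE ID.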