diff --git a/2020/1xxx/CVE-2020-1904.json b/2020/1xxx/CVE-2020-1904.json
index 420941db029..dc058ec9f69 100644
--- a/2020/1xxx/CVE-2020-1904.json
+++ b/2020/1xxx/CVE-2020-1904.json
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlx, and pptx files as attachments to messages."
+ "value": "A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages."
 }
 ]
 },
diff --git a/2021/24xxx/CVE-2021-24043.json b/2021/24xxx/CVE-2021-24043.json
index d4983becee1..ad5074d7cc5 100644
--- a/2021/24xxx/CVE-2021-24043.json
+++ b/2021/24xxx/CVE-2021-24043.json
@@ -1,18 +1,128 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-24043",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
\ No newline at end of file
+ "CVE_data_meta": {
+ "ASSIGNER": "cve-assign@fb.com",
+ "DATE_ASSIGNED": "2021-11-09",
+ "ID": "CVE-2021-24043",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Facebook",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WhatsApp Desktop",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "v2.2145.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "v2.2145.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WhatsApp for Android",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "v2.21.23.2"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "v2.21.23.2"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WhatsApp Business for iOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "v2.21.230.7"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "v2.21.230.7"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WhatsApp for iOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "v2.21.230.6"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "v2.21.230.6"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WhatsApp Business for Android",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "2.21.23.2"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "2.21.23.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call. "
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds Read (CWE-125)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.whatsapp.com/security/advisories/2021/",
+ "url": "https://www.whatsapp.com/security/advisories/2021/"
+ }
+ ]
+ }
+}
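Review bot: The two `version_value` entries under "WhatsApp Business for Android" are written `"2.21.23.2"`, while every other product in the new record carries a `v` prefix (for example `"v2.21.23.2"` for WhatsApp for Android). A consumer that compares these strings literally could treat the two Android products differently when deciding whether an installed build is affected, so both entries should read `"version_value": "v2.21.23.2"`. The description text has the same inconsistency in `WhatsApp Business for iOS 2.21.230.7`, and its `value` ends with a stray space before the closing quote (`call. "`), which is worth trimming so tools that hash or diff the description do not see a spurious change later.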