Merge pull request #2018 from FBNeal/whatsapp-messaging

Publish CVE-2019-3566
2025-07-30 18:04:30 +00:00 · 2019-05-10 15:59:11 -05:00 · 2019-05-10 15:59:11 -05:00 · 632a9961d6
commit 632a9961d6
parent c402e3d5d7 0268563186
1 changed files with 58 additions and 4 deletions
--- a/2019/3xxx/CVE-2019-3566.json
+++ b/2019/3xxx/CVE-2019-3566.json
@ -1,8 +1,41 @@
 {
    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
+        "ASSIGNER": "cve-assign@fb.com",
+        "DATE_ASSIGNED": "2019-05-09",
        "ID": "CVE-2019-3566",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "WhatsApp for Android",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "!=>",
+                                            "version_value": "2.19.104"
+                                        },
+                                        {
+                                            "version_affected": ">=",
+                                            "version_value": "2.19.54"
+                                        },
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "2.19.52"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Facebook"
+                }
+            ]
+        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
@ -11,8 +44,29 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Improper Access Control (CWE-284)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://www.facebook.com/security/advisories/cve-2019-3566",
+                "refsource": "MISC",
+                "url": "https://www.facebook.com/security/advisories/cve-2019-3566"
            }
        ]
    }
-}
+}