mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
WhatsApp CVEs for September 2020
This commit is contained in:
parent
cf2f5eb49a
commit
97bd3769ca
@ -1,18 +1,68 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve-assign@fb.com",
|
||||
"DATE_ASSIGNED": "2020-10-06",
|
||||
"ID": "CVE-2020-1901",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Facebook",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "WhatsApp for iOS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!=>",
|
||||
"version_value": "2.20.91.4"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "2.20.91.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Receiving a large text message containing URLs in WhatsApp for iOS prior to v2.20.91.4 could have caused the application to freeze while processing the message."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-400: Uncontrolled Resource Consumption"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://www.whatsapp.com/security/advisories/2020/",
|
||||
"url": "https://www.whatsapp.com/security/advisories/2020/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1,18 +1,91 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve-assign@fb.com",
|
||||
"DATE_ASSIGNED": "2020-10-06",
|
||||
"ID": "CVE-2020-1902",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Facebook",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "WhatsApp for Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!=>",
|
||||
"version_value": "2.20.140"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "2.20.140"
|
||||
},
|
||||
{
|
||||
"version_affected": "!<",
|
||||
"version_value": "2.20.108"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "WhatsApp Business for Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!=>",
|
||||
"version_value": "2.20.49"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "2.20.49"
|
||||
},
|
||||
{
|
||||
"version_affected": "!<",
|
||||
"version_value": "2.20.35"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://www.whatsapp.com/security/advisories/2020/",
|
||||
"url": "https://www.whatsapp.com/security/advisories/2020/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1,18 +1,83 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve-assign@fb.com",
|
||||
"DATE_ASSIGNED": "2020-10-06",
|
||||
"ID": "CVE-2020-1903",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Facebook",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "WhatsApp for iOS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!=>",
|
||||
"version_value": "2.20.61"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "2.20.61"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "WhatsApp Business for iOS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!=>",
|
||||
"version_value": "2.20.61"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "2.20.61"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. This issue would have required the receiver to explicitly open the attachment if it was received from a number not in the receiver's WhatsApp contacts."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-400: Uncontrolled Resource Consumption"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://www.whatsapp.com/security/advisories/2020/",
|
||||
"url": "https://www.whatsapp.com/security/advisories/2020/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1,18 +1,83 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve-assign@fb.com",
|
||||
"DATE_ASSIGNED": "2020-10-06",
|
||||
"ID": "CVE-2020-1904",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Facebook",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "WhatsApp for iOS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!=>",
|
||||
"version_value": "2.20.61"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "2.20.61"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "WhatsApp Business for iOS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!=>",
|
||||
"version_value": "2.20.61"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "2.20.61"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlx, and pptx files as attachments to messages."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-23: Relative Path Traversal"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://www.whatsapp.com/security/advisories/2020/",
|
||||
"url": "https://www.whatsapp.com/security/advisories/2020/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1,18 +1,68 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve-assign@fb.com",
|
||||
"DATE_ASSIGNED": "2020-10-06",
|
||||
"ID": "CVE-2020-1905",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Facebook",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "WhatsApp for Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!=>",
|
||||
"version_value": "2.20.185"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "2.20.185"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the opener app is terminated."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-340: Generation of Predictable Numbers or Identifiers"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://www.whatsapp.com/security/advisories/2020/",
|
||||
"url": "https://www.whatsapp.com/security/advisories/2020/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1,18 +1,83 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve-assign@fb.com",
|
||||
"DATE_ASSIGNED": "2020-10-06",
|
||||
"ID": "CVE-2020-1906",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Facebook",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "WhatsApp for Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!=>",
|
||||
"version_value": "2.20.130"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "2.20.130"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "WhatsApp Business for Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!=>",
|
||||
"version_value": "2.20.46"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "2.20.46"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-122: Heap-based Buffer Overflow"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://www.whatsapp.com/security/advisories/2020/",
|
||||
"url": "https://www.whatsapp.com/security/advisories/2020/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1,18 +1,128 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve-assign@fb.com",
|
||||
"DATE_ASSIGNED": "2020-10-06",
|
||||
"ID": "CVE-2020-1907",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Facebook",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "WhatsApp for Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!=>",
|
||||
"version_value": "2.20.196.16"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "2.20.196.16"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "WhatsApp Business for Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!=>",
|
||||
"version_value": "2.20.196.12"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "2.20.196.12"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "WhatsApp for iOS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!=>",
|
||||
"version_value": "2.20.90"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "2.20.90"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "WhatsApp Business for iOS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!=>",
|
||||
"version_value": "2.20.90"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "2.20.90"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "WhatsApp for Portal",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!=>",
|
||||
"version_value": "173.0.0.29.505"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "173.0.0.29.505"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-787: Out-of-bounds Write"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://www.whatsapp.com/security/advisories/2020/",
|
||||
"url": "https://www.whatsapp.com/security/advisories/2020/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user