{ "id": "CVE-2020-1903", "sourceIdentifier": "cve-assign@fb.com", "published": "2020-10-06T18:15:15.907", "lastModified": "2020-10-19T15:41:31.757", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. This issue would have required the receiver to explicitly open the attachment if it was received from a number not in the receiver's WhatsApp contacts." }, { "lang": "es", "value": "Un problema al descomprimir documentos docx, pptx y xlsx en WhatsApp para iOS anterior a versi\u00f3n v2.20.61 y WhatsApp Business para iOS anterior a versi\u00f3n v2.20.61, podr\u00eda haber resultado en una denegaci\u00f3n de servicio por falta de memoria. Este problema habr\u00eda requerido que el receptor abriera expl\u00edcitamente el archivo adjunto si se recibi\u00f3 de un n\u00famero que no estaba en los contactos de WhatsApp del receptor" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-400" } ] }, { "source": "cve-assign@fb.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-400" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:iphone_os:*:*", "versionEndExcluding": "2.20.61", "matchCriteriaId": "51FFA80F-58E2-4EBB-9815-6DFCFABE6F6A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:iphone_os:*:*", "versionEndExcluding": "2.20.61", "matchCriteriaId": "73A2E8EB-9428-48E6-AB28-3B3A3FD838EF" } ] } ] } ], "references": [ { "url": "https://www.whatsapp.com/security/advisories/2020/", "source": "cve-assign@fb.com", "tags": [ "Vendor Advisory" ] } ] }