Heap-based Buffer Overflow

CVE-2018-6344

High

7.5/10

Summary

A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-122 - Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References

Advisory Timeline

Published Dec 31, 2018

Heap-based Buffer Overflow

CVE-2018-6344

Summary

CWE-122 - Heap-based Buffer Overflow

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS