Lucene search

[email protected]CVE-2018-6339

HistoryJun 14, 2019 - 5:29 p.m.

CVE-2018-6339

2019-06-1417:29:02

CWE-119

CWE-121

[email protected]

web.nvd.nist.gov

185

cve-2018-6339

android

vulnerability

stack allocation

security

nvd

off-by-one error

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.1%

JSON

When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150.

Affected configurations

NVD

Node

whatsappwhatsappRange2.18.103–2.18.150businessandroid

whatsappwhatsappRange2.18.180–2.18.295android

CPENameOperatorVersion
whatsapp:whatsappwhatsapplt2.18.150
whatsapp:whatsappwhatsapplt2.18.295

CPE	Name	Operator	Version
whatsapp:whatsapp	whatsapp	lt	2.18.150
whatsapp:whatsapp	whatsapp	lt	2.18.295

CNA Affected

[
  {
    "product": "WhatsApp for Android",
    "vendor": "Facebook",
    "versions": [
      {
        "status": "affected",
        "version": "2.18.295"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2.18.180",
        "versionType": "custom"
      },
      {
        "lessThan": "2.18.180",
        "status": "unaffected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WhatsApp Business for Android",
    "vendor": "Facebook",
    "versions": [
      {
        "status": "affected",
        "version": "2.18.150"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2.18.103",
        "versionType": "custom"
      },
      {
        "lessThan": "2.18.103",
        "status": "unaffected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.facebook.com/security/advisories/cve-2018-6339/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.1%

JSON

Related for CVE-2018-6339

nvd1 prion1 cvelist1