CVE-2020-1906

2020-10-0617:35:26

CWE-122

facebook

www.cve.org

android

buffer overflow

cve-2020-1906

e-ac-3 audio

AI Score

7.8

Confidence

High

EPSS

Percentile

12.6%

JSON

A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams.

CNA Affected

[
  {
    "product": "WhatsApp for Android",
    "vendor": "Facebook",
    "versions": [
      {
        "status": "affected",
        "version": "2.20.130"
      },
      {
        "lessThan": "2.20.130",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WhatsApp Business for Android",
    "vendor": "Facebook",
    "versions": [
      {
        "status": "affected",
        "version": "2.20.46"
      },
      {
        "lessThan": "2.20.46",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.whatsapp.com/security/advisories/2020/