Lucene search

FacebookCVELIST:CVE-2023-38538

HistoryOct 04, 2023 - 7:10 p.m.

CVE-2023-38538

2023-10-0419:10:49

facebook

www.cve.org

race condition

event subsystem

heap use-after-free

audio calls

video calls

app termination

unexpected control flow

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C

5.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "WhatsApp Desktop for Mac",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "2.2338.12",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "WhatsApp Desktop for Windows",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "2.2320.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "WhatsApp Business for iOS",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "2.23.10.77",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "WhatsApp for iOS",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "2.23.10.77",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "WhatsApp Business for Android",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "2.23.10.77",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "WhatsApp for Android",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "2.23.10.77",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

www.whatsapp.com/security/advisories/2023/