Buffer overflow in Facebook Whatsapp Business For Android

CVE-2018-6349

When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for Android prior to 2.18.248 and WhatsApp Business for Android pri…

Vulnerability class: Buffer Overflow

EPSS: 0.013 (79.9th percentile) — read the EPSS interpretation.

Affected products

Facebook Whatsapp Business For Android — versions 2.18.132, unspecified
Facebook Whatsapp For Android — versions 2.18.248, unspecified

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

References

www.facebook.com/security/advisories/cve-2018-6349/ (x_refsource_MISC)
108804 (vdb-entry, x_refsource_BID)