ASA-2019-00267 – WhatsApp: Buffer overflow vulnerability in VOIP stack


Allele Security Alert

ASA-2019-00267

Identifier(s)

ASA-2019-00267, CVE-2019-3568

Title

Buffer overflow vulnerability in VOIP stack

Vendor(s)

Facebook

Product(s)

WhatsApp

Affected version(s)

WhatsApp for Android prior to v2.19.134
WhatsApp Business for Android prior to v2.19.44
WhatsApp for iOS prior to v2.19.51
WhatsApp Business for iOS prior to v2.19.51
WhatsApp for Windows Phone prior to v2.18.348
WhatsApp for Tizen prior to v2.18.15

Fixed version(s)

WhatsApp for Android v2.19.134
WhatsApp Business for Android v2.19.44
WhatsApp for iOS v2.19.51
WhatsApp Business for iOS v2.19.51
WhatsApp for Windows Phone v2.18.348
WhatsApp for Tizen v2.18.15

Proof of concept

Unknown

Description

A buffer overflow vulnerability in the WhatsApp VOIP stack allowed remote code execution via a specially crafted series of SRTCP packets sent to a target phone number.

Technical details

Unknown

Credits

Unknown

Reference(s)

CVE-2019-3568
https://www.facebook.com/security/advisories/cve-2019-3568

The NSO WhatsApp Vulnerability – This is How It Happened
https://research.checkpoint.com/the-nso-whatsapp-vulnerability-this-is-how-it-happened/

CVE-2019-3568
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3568

CVE-2019-3568
https://nvd.nist.gov/vuln/detail/CVE-2019-3568

If there is any error in this alert, or if you would like a comprehensive analysis, let us know.

Last modified: May 14, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.