ASA-2019-00429 – WhatsApp Desktop: An input validation issue allows malicious clients to send files with a wrong extension

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00429

Identifier(s)

ASA-2019-00429, CVE-2019-3571

Title

An input validation issue allows malicious clients to send files with a wrong extension

Vendor(s)

Facebook

Product(s)

WhatsApp Desktop

Affected version(s)

WhatsApp Desktop prior to version 0.3.3793 running on Windows and MacOS

Fixed version(s)

WhatsApp Desktop version 0.3.3793

Proof of concept

Unknown

Description

An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension.

Technical details

Unknown

Credits

Unknown

Reference(s)

CVE-2019-3571
https://www.facebook.com/security/advisories/cve-2019-3571

CVE-2019-3571
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3571

CVE-2019-3571
https://nvd.nist.gov/vuln/detail/CVE-2019-3571

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: July 17, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.