Allele Security Alert
ASA-2020-00048
Identifier(s)
ASA-2020-00048, CVE-2020-1894
Title
A stack write overflow could have allowed arbitrary code execution when playing a specially crafted push to talk message
Vendor(s)
Product(s)
Facebook WhatsApp
Affected version(s)
WhatsApp for Android versions before v2.20.35
WhatsApp Business for Android versions before v2.20.20
WhatsApp for iPhone versions before v2.20.30
WhatsApp Business for iPhone versions before v2.20.30
Fixed version(s)
WhatsApp for Android version v2.20.35
WhatsApp Business for Android version v2.20.20
WhatsApp for iPhone version v2.20.30
WhatsApp Business for iPhone version v2.20.30
Proof of concept
Unknown
Description
A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk message.
Technical details
Unknown
Credits
Unknown
Reference(s)
WhatsApp Security Advisories
https://www.whatsapp.com/security/advisories/2020
CVE-2020-1894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1894
CVE-2020-1894
https://nvd.nist.gov/vuln/detail/CVE-2020-1894
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: September 9, 2020