CVE-2018-6339 - OpenCVE

When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Whatsapp	Whatsapp

Configuration 1 [-]

OR	cpe:2.3:a:whatsapp:whatsapp:::::business:android::
	cpe:2.3:a:whatsapp:whatsapp::::::android::*

No data.

References

Link	Providers
https://www.facebook.com/security/advisories/cve-2018-6339/

History

No history.

MITRE

Status: PUBLISHED

Assigner: facebook

Published: 2019-06-14T17:02:57

Updated: 2024-08-05T06:01:48.697Z

Reserved: 2018-01-26T00:00:00

Link: CVE-2018-6339

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-06-14T17:29:02.003

Modified: 2019-10-09T23:41:46.813

Link: CVE-2018-6339

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "WhatsApp for Android", "vendor": "Facebook", "versions": [{"status": "affected", "version": "2.18.295"}, {"lessThan": "unspecified", "status": "affected", "version": "2.18.180", "versionType": "custom"}, {"lessThan": "2.18.180", "status": "unaffected", "version": "unspecified", "versionType": "custom"}]}, {"product": "WhatsApp Business for Android", "vendor": "Facebook", "versions": [{"status": "affected", "version": "2.18.150"}, {"lessThan": "unspecified", "status": "affected", "version": "2.18.103", "versionType": "custom"}, {"lessThan": "2.18.103", "status": "unaffected", "version": "unspecified", "versionType": "custom"}]}], "dateAssigned": "2018-12-30T00:00:00", "descriptions": [{"lang": "en", "value": "When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "Stack-based Buffer Overflow (CWE-121)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-06-14T17:02:57", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.facebook.com/security/advisories/cve-2018-6339/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2018-12-30", "ID": "CVE-2018-6339", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WhatsApp for Android", "version": {"version_data": [{"version_affected": "!=>", "version_value": "2.18.295"}, {"version_affected": ">=", "version_value": "2.18.180"}, {"version_affected": "!<", "version_value": "2.18.180"}]}}, {"product_name": "WhatsApp Business for Android", "version": {"version_data": [{"version_affected": "!=>", "version_value": "2.18.150"}, {"version_affected": ">=", "version_value": "2.18.103"}, {"version_affected": "!<", "version_value": "2.18.103"}]}}]}, "vendor_name": "Facebook"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Stack-based Buffer Overflow (CWE-121)"}]}]}, "references": {"reference_data": [{"name": "https://www.facebook.com/security/advisories/cve-2018-6339/", "refsource": "MISC", "url": "https://www.facebook.com/security/advisories/cve-2018-6339/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:01:48.697Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.facebook.com/security/advisories/cve-2018-6339/"}]}]}, "cveMetadata": {"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2018-6339", "datePublished": "2019-06-14T17:02:57", "dateReserved": "2018-01-26T00:00:00", "dateUpdated": "2024-08-05T06:01:48.697Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:business:android:*:*", "matchCriteriaId": "7111B367-98BD-4244-A3F5-661A1DCE43C3", "versionEndExcluding": "2.18.150", "versionStartIncluding": "2.18.103", "vulnerable": true}, {"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:*", "matchCriteriaId": "6AF2CF4A-DE98-48CC-A13A-E168EA4678E6", "versionEndExcluding": "2.18.295", "versionStartIncluding": "2.18.180", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150."}, {"lang": "es", "value": "Cuando se reciben llamadas con WhatsApp en Android, en la asignaci\u00f3n de pila no se considera adecuadamente la cantidad de datos que est\u00e1n pasando. Un error de uno en uno significaba que los datos se escrib\u00edan fuera del espacio asignado en la pila. Este problema afecta a WhatsApp para Android a partir de la versi\u00f3n 2.18.180 y se corrigi\u00f3 en la versi\u00f3n 2.18.295. Tambi\u00e9n afecta a WhatsApp Business para Android a partir de la versi\u00f3n v2.18.103 y se corrigi\u00f3 en la versi\u00f3n v2.18.150."}], "id": "CVE-2018-6339", "lastModified": "2019-10-09T23:41:46.813", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-14T17:29:02.003", "references": [{"source": "cve-assign@fb.com", "tags": ["Third Party Advisory"], "url": "https://www.facebook.com/security/advisories/cve-2018-6339/"}], "sourceIdentifier": "cve-assign@fb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "cve-assign@fb.com", "type": "Secondary"}]}