A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
History

Wed, 03 Sep 2025 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Whatsapp whatsapp Business
CPEs cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:business:android:*:*
cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:business:iphone_os:*:*
cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:android:*:*
cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:iphone_os:*:*
Vendors & Products Whatsapp whatsapp Business

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.33311}

epss

{'score': 0.36028}


Fri, 07 Feb 2025 13:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-04-19'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 06 Feb 2025 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119 CWE-787

cve-icon MITRE

Status: PUBLISHED

Assigner: facebook

Published:

Updated: 2025-07-30T01:46:03.564Z

Reserved: 2019-01-02T00:00:00.000Z

Link: CVE-2019-3568

cve-icon Vulnrichment

Updated: 2024-08-04T19:12:09.468Z

cve-icon NVD

Status : Analyzed

Published: 2019-05-14T20:29:03.187

Modified: 2025-09-03T17:36:53.303

Link: CVE-2019-3568

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.