Detections
Analytics

CVE-2019-3568

critical

Description

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

References

https://securityaffairs.com/159847/security/nso-group-vs-meta-pegasus-hand-over.html?web_view=true

https://securityaffairs.com/159847/security/nso-group-vs-meta-pegasus-hand-over.html

https://www.theregister.com/2024/03/01/nso_pegasus_source_code/

https://www.facebook.com/security/advisories/cve-2019-3568

http://www.securityfocus.com/bid/108329

Details

Source: Mitre, NVD

Published: 2019-05-14

Updated: 2019-08-13

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical