CVE-2018-6339: Buffer Overflow
First published: Fri Jun 14 2019(Updated: )
When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150.
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Whatsapp Whatsapp | >=2.18.103<2.18.150 | |
| Whatsapp Whatsapp | >=2.18.180<2.18.295 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-6339?
CVE-2018-6339 is a vulnerability in WhatsApp on Android that allows data to be written beyond the allocated space on the stack when receiving calls.
What is the severity of CVE-2018-6339?
CVE-2018-6339 has a severity value of 9.8, which is considered critical.
Which versions of WhatsApp for Android are affected by CVE-2018-6339?
WhatsApp for Android versions starting from 2.18.180 up to 2.18.295 are affected by CVE-2018-6339.
How can I fix CVE-2018-6339?
To fix CVE-2018-6339, update WhatsApp for Android to a version beyond 2.18.295.
What are the CWE IDs associated with CVE-2018-6339?
The CWE IDs associated with CVE-2018-6339 are CWE-119 and CWE-121.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/whatsapp
- canonical/whatsapp whatsapp
- version/whatsapp whatsapp/2.18.103
- version/whatsapp whatsapp/2.18.180