CVE-2018-6344
First published: Mon Dec 31 2018(Updated: )
A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172.
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Whatsapp Whatsapp | <2.18.93 | |
| Whatsapp Whatsapp | <2.18.172 | |
| Whatsapp Whatsapp | <2.18.293 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-6344?
CVE-2018-6344 is a vulnerability in WhatsApp that allows a heap corruption to occur when a malformed RTP packet is sent after a call is established.
How does CVE-2018-6344 impact WhatsApp?
CVE-2018-6344 can be used to cause a denial of service by triggering a heap corruption in WhatsApp.
Which versions of WhatsApp are affected by CVE-2018-6344?
WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172 are affected by CVE-2018-6344.
What is the severity of CVE-2018-6344?
CVE-2018-6344 has a severity rating of high with a score of 7.5.
How can I fix CVE-2018-6344?
To fix CVE-2018-6344, update your WhatsApp to the latest version available for your device.
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/whatsapp
- canonical/whatsapp whatsapp