What is CVE-2019-3568?

CVE-2019-3568 is a buffer overflow vulnerability in WhatsApp VOIP stack that allows remote code execution.

How can the CVE-2019-3568 vulnerability be exploited?

The CVE-2019-3568 vulnerability can be exploited by sending a specially crafted series of RTCP packets to a target phone number in WhatsApp.

Which versions of WhatsApp are affected by CVE-2019-3568?

WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, and WhatsApp Business for iOS prior to v2.19.51 are all affected by CVE-2019-3568.

What is the severity of CVE-2019-3568?

CVE-2019-3568 has a severity rating of 9.8, which is considered critical.

How can I fix CVE-2019-3568?

To fix CVE-2019-3568, users should update their WhatsApp to the latest version available for their respective platforms.

Vulnerability/
CVE-2019-3568

Exploited

critical

9.8

CWE

119 122

14/5/2019

21/11/2024

CVE-2019-3568: WhatsApp VOIP Stack Buffer Overflow Vulnerability

First published: Tue May 14 2019(Updated: )

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

Credit: cve-assign@fb.com cve-assign@fb.com

Affected Software	Affected Version	How to fix
Whatsapp Whatsapp	<2.18.15
Whatsapp Whatsapp	<2.18.348
Whatsapp Whatsapp	<2.19.44
Whatsapp Whatsapp	<2.19.51
Whatsapp Whatsapp	<2.19.51
Whatsapp Whatsapp	<2.19.134
Meta Platforms WhatsApp
	<2.18.15
	<2.18.348
	<2.19.44
	<2.19.51
	<2.19.51
	<2.19.134

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-3568?
CVE-2019-3568 is a buffer overflow vulnerability in WhatsApp VOIP stack that allows remote code execution.
How can the CVE-2019-3568 vulnerability be exploited?
The CVE-2019-3568 vulnerability can be exploited by sending a specially crafted series of RTCP packets to a target phone number in WhatsApp.
Which versions of WhatsApp are affected by CVE-2019-3568?
WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, and WhatsApp Business for iOS prior to v2.19.51 are all affected by CVE-2019-3568.
What is the severity of CVE-2019-3568?
CVE-2019-3568 has a severity rating of 9.8, which is considered critical.
How can I fix CVE-2019-3568?
To fix CVE-2019-3568, users should update their WhatsApp to the latest version available for their respective platforms.

agent/type
agent/description
agent/title
collector/the-register
source/The Register
alias/CVE-2019-3568
agent/weakness
agent/news-ai
agent/severity
agent/author
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
exploited/true
collector/cisa-known-exploited
source/CISA
agent/references
agent/softwarecombine
agent/event
agent/tags
collector/nvd-cve
vendor/whatsapp
canonical/whatsapp whatsapp
vendor/meta platforms
canonical/meta platforms whatsapp

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.