What is CVE-2020-1907?

CVE-2020-1907 refers to a stack overflow vulnerability in WhatsApp for Android, WhatsApp Business for Android, WhatsApp for iOS, WhatsApp Business for iOS, and WhatsApp for Portal.

What is the severity of CVE-2020-1907?

CVE-2020-1907 has a severity rating of 9.8 out of 10, which is classified as critical.

How does CVE-2020-1907 allow arbitrary code execution?

CVE-2020-1907 allows arbitrary code execution by exploiting a stack overflow vulnerability in the affected WhatsApp versions.

How can I fix CVE-2020-1907?

To fix CVE-2020-1907, update WhatsApp to version v2.20.196.16 or later for Android, v2.20.90 or later for iOS, v2.20.196.12 or later for WhatsApp Business for Android, v2.20.90 or later for WhatsApp Business for iOS, and v173.0.0.29.505 or later for WhatsApp for Portal.

Vulnerability/
CVE-2020-1907

critical

9.8

CWE

787

6/10/2020

4/8/2024

CVE-2020-1907

First published: Tue Oct 06 2020(Updated: )

A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header.

Credit: cve-assign@fb.com

Affected Software	Affected Version	How to fix
Whatsapp Whatsapp	<2.20.90
Whatsapp Whatsapp	<2.20.196.16
Whatsapp Whatsapp	<173.0.0.29.505
Whatsapp Whatsapp Business	<2.20.90
Whatsapp Whatsapp Business	<2.20.196.12

Never miss a vulnerability like this again

Reference Links

https://www.whatsapp.com/security/advisories/2020/

Frequently Asked Questions

What is CVE-2020-1907?
CVE-2020-1907 refers to a stack overflow vulnerability in WhatsApp for Android, WhatsApp Business for Android, WhatsApp for iOS, WhatsApp Business for iOS, and WhatsApp for Portal.
What is the severity of CVE-2020-1907?
CVE-2020-1907 has a severity rating of 9.8 out of 10, which is classified as critical.
How does CVE-2020-1907 allow arbitrary code execution?
CVE-2020-1907 allows arbitrary code execution by exploiting a stack overflow vulnerability in the affected WhatsApp versions.
Which versions of WhatsApp are affected by CVE-2020-1907?
WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 are affected by CVE-2020-1907.
How can I fix CVE-2020-1907?
To fix CVE-2020-1907, update WhatsApp to version v2.20.196.16 or later for Android, v2.20.90 or later for iOS, v2.20.196.12 or later for WhatsApp Business for Android, v2.20.90 or later for WhatsApp Business for iOS, and v173.0.0.29.505 or later for WhatsApp for Portal.

collector/nvd-index
agent/weakness
agent/severity
agent/references
agent/author
agent/type
agent/event
agent/tags
agent/description
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
vendor/whatsapp
canonical/whatsapp whatsapp
canonical/whatsapp whatsapp business

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.