CVE-2021-24026
First published: Tue Apr 06 2021(Updated: )
A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Whatsapp Whatsapp | <2.21.3 | |
| Whatsapp Whatsapp | <2.21.3 | |
| Whatsapp Whatsapp Business | <2.21.3 | |
| Whatsapp Whatsapp Business | <2.21.32 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-24026?
CVE-2021-24026 is a vulnerability in WhatsApp for Android and iOS that allows an out-of-bounds write.
How severe is CVE-2021-24026?
CVE-2021-24026 has a severity rating of 9.8, which is considered critical.
Which software versions are affected by CVE-2021-24026?
WhatsApp for Android versions prior to v2.21.3, WhatsApp Business for Android versions prior to v2.21.3, WhatsApp for iOS versions prior to v2.21.32, and WhatsApp Business for iOS versions prior to v2.21.32 are affected by CVE-2021-24026.
How can I fix CVE-2021-24026?
To fix CVE-2021-24026, update WhatsApp for Android to v2.21.3 or later, WhatsApp Business for Android to v2.21.3 or later, WhatsApp for iOS to v2.21.32 or later, and WhatsApp Business for iOS to v2.21.32 or later.
Where can I find more information about CVE-2021-24026?
More information about CVE-2021-24026 can be found on the WhatsApp Security Advisories page at https://www.whatsapp.com/security/advisories/2021/