CVE-2021-24042
First published: Tue Jan 04 2022(Updated: )
The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor.
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Whatsapp Whatsapp | <2.21.23 | |
| Whatsapp Whatsapp | <2.21.23 | |
| Whatsapp Whatsapp | <2.21.230 | |
| Whatsapp Whatsapp | <2.21.230 | |
| Whatsapp Whatsapp | <2.2143 | |
| Whatsapp Whatsapp | <2.2146 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security issue in WhatsApp?
The vulnerability ID for this security issue in WhatsApp is CVE-2021-24042.
What is the severity rating of CVE-2021-24042?
The severity rating of CVE-2021-24042 is critical with a value of 9.8.
Which versions of WhatsApp for Android are affected by this vulnerability?
WhatsApp for Android versions up to exclusive 2.21.23 are affected by this vulnerability.
Which versions of WhatsApp for iOS are affected by this vulnerability?
WhatsApp for iOS versions up to exclusive 2.21.230 are affected by this vulnerability.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the official WhatsApp website: https://www.whatsapp.com/security/advisories/2021/
- collector/nvd-index
- vendor/whatsapp
- canonical/whatsapp whatsapp