CVE-2021-24026

EPSS 1.4%CWE-787

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 1.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

06 Apr 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.

Affected products

Facebook · WhatsApp Business for Android Facebook · WhatsApp Business for iOS Facebook · WhatsApp for Android Facebook · WhatsApp for iOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.whatsapp.com/security/advisories/2021/