CERT-In Vulnerability Note
CIVN-2019-0181
Buffer Overflow Vulnerability in WhatsApp

Original Issue Date: November 16, 2019
Severity Rating: HIGH

Software Affected
WhatsApp for Android prior to 2.19.274
WhatsApp for iOS prior to 2.19.100
WhatsApp Enterprise Client prior to 2.25.3
WhatsApp for Windows Phone prior to 2.18.368
WhatsApp Business for Android prior to 2.19.104
WhatsApp Business for iOS prior to 2.19.100

Overview
A vulnerability has been reported in WhatsApp which could be exploited by a remote attacker to execute arbitrary code on the target system.

Description
A stack-based buffer overflow vulnerability exists in WhatsApp due to improper parsing of the elementary stream metadata of an MP4 file. A remote attacker could exploit this vulnerability by sending a specially crafted MP4 file to the target system. This could trigger a buffer overflow condition leading to execution of arbitrary code by the attacker. Exploitation does not require any form of authentication from the victim's end and is triggered when the maliciously crafted MP4 file is downloaded on the victim's system.

Successful exploitation of this vulnerability could allow the remote attacker to cause a Remote Code Execution (RCE) or Denial of Service (DoS) condition, which could lead to further compromise of the system.
 
 
Solution
Upgrade to the latest version of WhatsApp.
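
An added example (not part of the CERT-In note): a Python check of an app inventory against the fixed versions listed under Software Affected, comparing versions numerically so that 2.19.99 is correctly treated as older than 2.19.100. The "device,product,version" inventory format and the device names are assumptions, constructed for illustration.

```python
# First fixed release per product, copied from the "Software Affected" list.
FIXED = {
    "WhatsApp for Android": "2.19.274",
    "WhatsApp for iOS": "2.19.100",
    "WhatsApp Enterprise Client": "2.25.3",
    "WhatsApp for Windows Phone": "2.18.368",
    "WhatsApp Business for Android": "2.19.104",
    "WhatsApp Business for iOS": "2.19.100",
}

def parse_version(text):
    """Turn '2.19.274' into (2, 19, 274); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """True if version is older than the first fixed release for product."""
    have, fixed = parse_version(version), parse_version(FIXED[product])
    width = max(len(have), len(fixed))
    # Pad with zeros so '2.25' compares as 2.25.0 against 2.25.3.
    have += (0,) * (width - len(have))
    fixed += (0,) * (width - len(fixed))
    return have < fixed

def triage(inventory):
    """Split 'device,product,version' lines into (affected, needs_review)."""
    affected, needs_review = [], []
    for line in inventory.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        try:
            device, product, version = fields
            if is_affected(product, version):
                affected.append((device, product, version))
        except (ValueError, KeyError):
            # Wrong field count, unknown product or odd version string:
            # route to manual review instead of assuming "not affected".
            needs_review.append(line.strip())
    return affected, needs_review

# Constructed sample inventory (hypothetical devices, not real data).
SAMPLE = """
phone-01,WhatsApp for Android,2.19.273
phone-02,WhatsApp for Android,2.19.274
phone-03,WhatsApp for iOS,2.19.99
phone-04,WhatsApp Business for Android,2.19.1040
desk-07,WhatsApp Enterprise Client,2.25
phone-05,WhatsApp for Android,beta
"""
```

Calling `triage(SAMPLE)` returns the devices that still need the upgrade and, separately, the lines that could not be evaluated.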

Vendor Information
Facebook
https://www.facebook.com/security/advisories/cve-2019-11931

References
Facebook
https://www.facebook.com/security/advisories/cve-2019-11931

VulDB
https://vuldb.com/?id.145626

Hacker News
https://thehackernews.com/2019/11/whatsapp-hacking-vulnerability.html
 
CVE Name
CVE-2019-11931

Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information
Email: info@cert-in.org.in
Phone: +91-11-24368572

Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
 Government of India
 Electronics Niketan
 6, CGO Complex, Lodhi Road,
 New Delhi - 110 003
 India