Skip to content
appaloosa scout logo main rounded
HIGH 8.8

CVE-2020-1894

A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk message.

CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected tracked apps

WhatsApp
net.whatsapp.WhatsApp
1 open
WhatsApp
com.whatsapp
1 open

Vulnerable CPE configurations

Vendor Product Platform Versions CPE 2.3 URI
whatsapp whatsapp iOS <2.20.30 cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:iphone_os:*:*
whatsapp whatsapp Android <2.20.35 cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:*
whatsapp whatsapp_business Android <2.20.20 cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:android:*:*
whatsapp whatsapp_business iOS <2.20.30 cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:iphone_os:*:*
View on NVD ↗