Skip to content
appaloosa scout logo main rounded
CRITICAL 9.8

CVE-2021-24026

A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.

CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected tracked apps

WhatsApp
com.whatsapp
1 open
WhatsApp
net.whatsapp.WhatsApp
1 open

Vulnerable CPE configurations

Vendor Product Platform Versions CPE 2.3 URI
whatsapp whatsapp Android <2.21.3 cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:*
whatsapp whatsapp iOS <2.21.3 cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:iphone_os:*:*
whatsapp whatsapp_business Android <2.21.3 cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:android:*:*
whatsapp whatsapp_business iOS <2.21.32 cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:iphone_os:*:*
View on NVD ↗