{"api_version":"1","generated_at":"2026-05-02T04:06:38+00:00","cve":"CVE-2018-6344","urls":{"html":"https://cve.report/CVE-2018-6344","api":"https://cve.report/api/cve/CVE-2018-6344.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-6344","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-6344"},"summary":{"title":"CVE-2018-6344","description":"A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172.","state":"PUBLIC","assigner":"cve-assign@fb.com","published_at":"2018-12-31 22:29:00","updated_at":"2020-09-18 16:51:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html","name":"https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"Project Zero: Adventures in Video Conferencing Part 3: The Even Wilder World of WhatsApp","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/106365","name":"106365","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"WhatsApp CVE-2018-6344 Denial of Service Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-6344","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6344","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"6344","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"whatsapp","cpe5":"whatsapp","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"android","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6344","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"whatsapp","cpe5":"whatsapp","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"iphone_os","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6344","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"whatsapp","cpe5":"whatsapp","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows_phone","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6344","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"whatsapp","cpe5":"whatsapp","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"android","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6344","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"whatsapp","cpe5":"whatsapp","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"iphone_os","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6344","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"whatsapp","cpe5":"whatsapp","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows_phone","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve-assign@fb.com","DATE_ASSIGNED":"2018-11-21","ID":"CVE-2018-6344","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"WhatsApp for Android","version":{"version_data":[{"version_affected":"!=>","version_value":"2.18.293"},{"version_affected":"<","version_value":"2.18.293"}]}}]},"vendor_name":"Facebook"},{"product":{"product_data":[{"product_name":"WhatsApp for iOS","version":{"version_data":[{"version_affected":"!=>","version_value":"2.18.93"},{"version_affected":"<","version_value":"2.18.93"}]}}]},"vendor_name":"Facebook"},{"product":{"product_data":[{"product_name":"WhatsApp for Windows Phone","version":{"version_data":[{"version_affected":"!=>","version_value":"2.18.172"},{"version_affected":"<","version_value":"2.18.172"}]}}]},"vendor_name":"Facebook"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Heap-based Buffer Overflow (CWE-122)"}]}]},"references":{"reference_data":[{"name":"https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html","refsource":"MISC","url":"https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html"},{"name":"106365","refsource":"BID","url":"http://www.securityfocus.com/bid/106365"}]}},"nvd":{"publishedDate":"2018-12-31 22:29:00","lastModifiedDate":"2020-09-18 16:51:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:windows_phone:*:*","versionEndExcluding":"2.18.172","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:*","versionEndExcluding":"2.18.293","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"2.18.93","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"6344","Ordinal":"122407","Title":"CVE-2018-6344","CVE":"CVE-2018-6344","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"6344","Ordinal":"1","NoteData":"A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"6344","Ordinal":"2","NoteData":"2018-12-31","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"6344","Ordinal":"3","NoteData":"2019-01-01","Type":"Other","Title":"Modified"}]}}}