{"api_version":"1","generated_at":"2026-04-23T07:01:15+00:00","cve":"CVE-2021-24026","urls":{"html":"https://cve.report/CVE-2021-24026","api":"https://cve.report/api/cve/CVE-2021-24026.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-24026","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-24026"},"summary":{"title":"CVE-2021-24026","description":"A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.","state":"PUBLIC","assigner":"cve-assign@fb.com","published_at":"2021-04-06 17:15:00","updated_at":"2021-04-15 14:35:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://www.whatsapp.com/security/advisories/2021/","name":"https://www.whatsapp.com/security/advisories/2021/","refsource":"CONFIRM","tags":[],"title":"WhatsApp Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-24026","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-24026","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"24026","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"whatsapp","cpe5":"whatsapp","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"android","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"24026","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"whatsapp","cpe5":"whatsapp","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"iphone_os","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"24026","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"whatsapp","cpe5":"whatsapp_business","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"android","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"24026","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"whatsapp","cpe5":"whatsapp_business","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"iphone_os","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-24026","qid":"630672","title":"WhatsApp For Android Out-of-bounds Write Vulnerability"},{"cve":"CVE-2021-24026","qid":"630697","title":"WhatsApp For Android Out-of-bounds Write Vulnerability"},{"cve":"CVE-2021-24026","qid":"630714","title":"WhatsApp For iOS Out-of-bounds Write Vulnerability"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve-assign@fb.com","DATE_ASSIGNED":"2021-04-06","ID":"CVE-2021-24026","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Facebook","product":{"product_data":[{"product_name":"WhatsApp Business for iOS","version":{"version_data":[{"version_affected":"<","version_value":"v2.21.32"}]}},{"product_name":"WhatsApp for iOS","version":{"version_data":[{"version_affected":"<","version_value":"v2.21.32"}]}},{"product_name":"WhatsApp Business for Android","version":{"version_data":[{"version_affected":"<","version_value":"v2.21.3"}]}},{"product_name":"WhatsApp for Android","version":{"version_data":[{"version_affected":"<","version_value":"v2.21.3"}]}}]}}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-787"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.whatsapp.com/security/advisories/2021/","url":"https://www.whatsapp.com/security/advisories/2021/"}]}},"nvd":{"publishedDate":"2021-04-06 17:15:00","lastModifiedDate":"2021-04-15 14:35:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"2.21.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"2.21.32","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:android:*:*","versionEndExcluding":"2.21.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:*","versionEndExcluding":"2.21.3","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"24026","Ordinal":"198785","Title":"CVE-2021-24026","CVE":"CVE-2021-24026","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"24026","Ordinal":"1","NoteData":"A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"24026","Ordinal":"2","NoteData":"2021-04-06","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"24026","Ordinal":"3","NoteData":"2021-04-06","Type":"Other","Title":"Modified"}]}}}