Whatsapp Whatsapp Business — known CVE vulnerabilities
Every CVE whose affected-product data names Whatsapp Whatsapp Business, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2018-20655 — CVSS 9.8 (critical): When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow…
CVE-2018-6339 — CVSS 9.8 (critical): When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An…
CVE-2018-6349 — CVSS 9.8 (critical): When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based…
CVE-2018-6350 — CVSS 9.8 (critical): An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android…
CVE-2021-24041 — CVSS 9.8 (critical): A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could…
CVE-2021-24026 — CVSS 9.8 (critical): A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business…
CVE-2020-1909 — CVSS 9.8 (critical): A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have…
CVE-2020-1891 — CVSS 9.8 (critical): A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7…
CVE-2020-1907 — CVSS 9.8 (critical): A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior…
CVE-2021-24035 — CVSS 9.1 (critical): A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13…
CVE-2021-24043 — CVSS 9.1 (critical): A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2…
CVE-2020-1894 — CVSS 8.8 (high): A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone…
CVE-2020-1886 — CVSS 8.8 (high): A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an…
CVE-2019-11931 — CVSS 7.8 (high): A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was…
CVE-2020-1906 — CVSS 7.8 (high): A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an…
CVE-2020-1910 — CVSS 7.8 (high): A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed…
CVE-2020-1902 — CVSS 7.5 (high): A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for…
CVE-2021-24027 — CVSS 7.5 (high): A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third…
CVE-2020-1890 — CVSS 7.5 (high): A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the…
CVE-2019-3566 — CVSS 5.9 (medium): A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's…
CVE-2020-1904 — CVSS 5.5 (medium): A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for…
CVE-2020-1903 — CVSS 5.5 (medium): An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to…
CVE-2025-55179 — CVSS 5.4 (medium): Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and…
CVE-2020-1908 — CVSS 4.6 (medium): Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of…