cnvd-2019-16415
Vulnerability from cnvd
Title
Facebook WhatsApp缓冲区溢出漏洞
Description
Facebook WhatsApp是美国Facebook公司的一套利用网络传送短信的移动应用程序。
Facebook WhatsApp存在缓冲区溢出漏洞,允许远程攻击者利用漏洞提交特殊的请求,可以应用程序上下文执行任意代码。
Severity
高
VLAI Severity ?
Patch Name
Facebook WhatsApp缓冲区溢出漏洞的补丁
Patch Description
Facebook WhatsApp是美国Facebook公司的一套利用网络传送短信的移动应用程序。
Facebook WhatsApp存在缓冲区溢出漏洞,允许远程攻击者利用漏洞提交特殊的请求,可以应用程序上下文执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.facebook.com/security/advisories/cve-2019-3568
Reference
https://securityaffairs.co/wordpress/85477/breaking-news/whatsapp-zero-day.html
Impacted products
| Name | ['Facebook WhatsApp Messenger for Android 2.17.146', 'Facebook WhatsApp for Windows 2.19.43', 'Facebook WhatsApp for Tizen 2.18.14', 'Facebook WhatsApp for iOS 2.19.50', 'Facebook WhatsApp for Android 2.19.133', 'Facebook WhatsApp Business for iOS 2.19.42', 'Facebook WhatsApp Business for Android 2.19.43'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "108329"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2019-3568"
}
},
"description": "Facebook WhatsApp\u662f\u7f8e\u56fdFacebook\u516c\u53f8\u7684\u4e00\u5957\u5229\u7528\u7f51\u7edc\u4f20\u9001\u77ed\u4fe1\u7684\u79fb\u52a8\u5e94\u7528\u7a0b\u5e8f\u3002\n\nFacebook WhatsApp\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u53ef\u4ee5\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "Facebook",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.facebook.com/security/advisories/cve-2019-3568",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-16415",
"openTime": "2019-06-04",
"patchDescription": "Facebook WhatsApp\u662f\u7f8e\u56fdFacebook\u516c\u53f8\u7684\u4e00\u5957\u5229\u7528\u7f51\u7edc\u4f20\u9001\u77ed\u4fe1\u7684\u79fb\u52a8\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nFacebook WhatsApp\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u53ef\u4ee5\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Facebook WhatsApp\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Facebook WhatsApp Messenger for Android 2.17.146",
"Facebook WhatsApp for Windows 2.19.43",
"Facebook WhatsApp for Tizen 2.18.14",
"Facebook WhatsApp for iOS 2.19.50",
"Facebook WhatsApp for Android 2.19.133",
"Facebook WhatsApp Business for iOS 2.19.42",
"Facebook WhatsApp Business for Android 2.19.43"
]
},
"referenceLink": "https://securityaffairs.co/wordpress/85477/breaking-news/whatsapp-zero-day.html",
"serverity": "\u9ad8",
"submitTime": "2019-05-14",
"title": "Facebook WhatsApp\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…