CVE-2021-24042

Published: Jan 4, 2022

Modified: May 22, 2025

PUBLISHED

Description

The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor.

Vendor	Product	Versions
Facebook	WhatsApp Desktop	affected `unspecified - < v2.2146` unaffected `v2.2146 - < unspecified`
Facebook	WhatsApp for KaiOS	affected `unspecified - < v2.2143` unaffected `v2.2143 - < unspecified`
Facebook	WhatsApp Business for iOS	affected `unspecified - < v2.21.230` unaffected `v2.21.230 - < unspecified`
Facebook	WhatsApp for iOS	affected `unspecified - < v2.21.230` unaffected `v2.21.230 - < unspecified`
Facebook	WhatsApp Business for Android	affected `unspecified - < v2.21.23` unaffected `v2.21.23 - < unspecified`
Facebook	WhatsApp for Android	affected `unspecified - < v2.21.23` unaffected `v2.21.23 - < unspecified`

Weaknesses (CWE)

CWE-122

References

https://www.whatsapp.com/security/advisories/2021/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-24042

Description

Affected Products

Weaknesses (CWE)

References