CVE DATABASE / CVE-2019-3568
CVE-2019-3568
WhatsApp VOIP Stack Buffer Overflow Vulnerability
Confirmed exploited in the wild. Added 2022-04-19.
Federal remediation due 2022-05-10.
Required action: Apply updates per vendor instructions.
Summary
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
CVSS 3.1 breakdown
| Base score | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://www.securityfocus.com/bid/108329
- https://www.facebook.com/security/advisories/cve-2019-3568
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3568
Data: NIST NVD + CISA KEV. NVD last modified 2025-10-24. Always verify against the vendor advisory before acting.