CVE-2022-36934 Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely

Risk: Critical
CVE ID: CVE-2022-36934
CVSS Score: 9.8
Impacted Product: WhatsApp and WhatsApp Business for Android and iOS Up to 2.22.16.12
CVE-ID: CWE-190 & CWE-122
Published Date: 03 Oct 2022
Updated:

Vulnerability Threat & Description:
An integer overflow vulnerability in WhatsApp leading to remote code execution in an established video call. An attacker can exploit this vulnerability by manipulating the WhatsApp component Video Call Handler so that a heap-based buffer overflow can be triggered and WhatsApp Messenger can be taken over.

Remediation Level: Install Vender Security Update
Attack Vector: Network
Authentication requested: None
Privileges Required: None
Patch Available: Yes
Public Exploit available:
Attack Complexity: Low
User Interaction: None
Impact on:
• Confidentiality: High
• Integrity: None
• Availability: None

More Info:

CVE-2022-36934 Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely

Hot to user Nmap to scan Microsoft Exchange servers for “ProxyNoShell”, 2022-40140 & CVE-2022-41082

CVE-2022-36934 Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely

SQL Injection vulnerability in Advantech iView CVE-2022-3323

Critical Microsoft Exchange ZeroDay – CVE-2022-41082 Server-Side Request Forgery (SSRF)