CVE-2019-3568

9.8 CRITICAL CISA KEV - Actively Exploited

Published: May 14, 2019 Modified: October 24, 2025

Description

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://www.securityfocus.com/bid/108329

Source: cve-assign@fb.com

Broken Link Third Party Advisory VDB Entry

https://www.facebook.com/security/advisories/cve-2019-3568

Source: cve-assign@fb.com

Third Party Advisory

http://www.securityfocus.com/bid/108329

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link Third Party Advisory VDB Entry

https://www.facebook.com/security/advisories/cve-2019-3568

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3568

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

5 reference(s) from NVD

Quick Stats

CVSS v3 Score

9.8 / 10.0

EPSS (Exploit Probability)

46.0%

98th percentile

Exploitation Status

Actively Exploited

Remediation due: 2022-05-10

Weaknesses (CWE)

CWE-122 CWE-787

Affected Vendors

whatsapp

Related CVEs

CVE-2025-52691 10.0

CVE-2025-15168 7.3

CVE-2025-15167 7.3

CVE-2025-15166 7.3

CVE-2025-15165 7.3