CVE-2019-3568
ENISA EUVD: EUVD-2019-13204 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 5, 2026
1 article
Published: 2019-05-14
EPSS Score
Source: FIRST.org · 2026-05-23
47.96%
probability
This CVE has a 47.96% probability
of being exploited in the next 30 days.
0%
Top 97.8th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)9.8
CRITICAL
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2 (legacy)
7.5
HIGH
Access Vector
Network
Access Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
AV:N/AC:L/Au:N/C:P/I:P/A:P
Description
VulnerabilityLookup (CNA)A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
Affected Products
Facebook
WhatsApp for Android
2.19.134
unspecified
Facebook
WhatsApp Business for Android
2.19.44
unspecified
Facebook
WhatsApp for iOS
2.19.51
unspecified
Facebook
WhatsApp Business for iOS
2.19.51
unspecified
Facebook
WhatsApp for Windows Phone
2.18.348
unspecified
Attack Intelligence
Google Project Zero
Patched
May 13, 2019
Reported by
???
Root Cause Analysis
???
https://www.facebook.com/security/advisories/cve-2019-3568
x_refsource_MISC
http://www.securityfocus.com/bid/108329
vdb-entry
x_refsource_BID
Signal Intelligence
Confidence
95%
EPSS
47.96%
CVSS v3.1
9.8
Mentions
1
CNA Information
CNA Assigner
facebook
Analyst Note
Auto-imported from Google Project Zero — confirmed zero-day by definition.
Threat Actors 3
Hacking Team
apt_group
🇮🇹 IT
Infy
apt_group
Information theft and espionage
🇮🇷 IR
Mana Team
apt_group
🇨🇳 CN
Triage Info
Decided atMar 05, 2026
Published DateMay 14, 2019