Sign-up

ID

VAR-201802-0428


CVE

CVE-2017-14910


TITLE

plural Qualcomm Snapdragon Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012721

DESCRIPTION

In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 MDM9607, MDM9650, S820A, S820Am, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 835, and SD 845, a buffer overread is possible if there are no newlines in an input file. plural Qualcomm Snapdragon The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities. Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Qualcomm MDM9650 and others are products of Qualcomm (Qualcomm). MDM9650 is a central processing unit (CPU) product. SD 425 is a central processing unit (CPU) product. SD 430 is a central processing unit (CPU) product. SD 625 is a central processing unit (CPU) product. And so on are the best products. A buffer error vulnerability exists in several Qualcomm products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 2.07

sources: NVD: CVE-2017-14910 // JVNDB: JVNDB-2017-012721 // BID: 103502 // VULHUB: VHN-105680 // VULMON: CVE-2017-14910

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:s820amscope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 410scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:s820ascope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 617scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 412scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:s820ascope: - version: -

Trust: 0.8

vendor:qualcommmodel:s820amscope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 410scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 412scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 415scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 615scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 616scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 617scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 652scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 845scope: - version: -

Trust: 0.8

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 103502 // JVNDB: JVNDB-2017-012721 // CNNVD: CNNVD-201709-1246 // NVD: CVE-2017-14910

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14910
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-14910
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201709-1246
value: CRITICAL

Trust: 0.6

VULHUB: VHN-105680
value: HIGH

Trust: 0.1

VULMON: CVE-2017-14910
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-14910
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-105680
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14910
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-105680 // VULMON: CVE-2017-14910 // JVNDB: JVNDB-2017-012721 // CNNVD: CNNVD-201709-1246 // NVD: CVE-2017-14910

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-105680 // JVNDB: JVNDB-2017-012721 // NVD: CVE-2017-14910

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1246

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201709-1246

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012721

PATCH
title:Android のセキュリティに関する公開情報 - 2018 年 2 月url:https://source.android.com/security/bulletin/2018-02-01
Trust: 0.8
title:Qualcomm Snapdragonurl:https://www.qualcomm.co.jp/snapdragon
Trust: 0.8
title:Android Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100079
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—February 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=2608562efcb11f48adb20563e7a76887
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-14910 // 
            
            
            
            JVNDB: JVNDB-2017-012721 // 
            
            
            
            CNNVD: CNNVD-201709-1246

EXTERNAL IDS
db:NVDid:CVE-2017-14910
Trust: 2.9
db:JVNDBid:JVNDB-2017-012721
Trust: 0.8
db:CNNVDid:CNNVD-201709-1246
Trust: 0.7
db:BIDid:103502
Trust: 0.4
db:VULHUBid:VHN-105680
Trust: 0.1
db:VULMONid:CVE-2017-14910
Trust: 0.1
sources:
            
            
            VULHUB: VHN-105680 // 
            
            
            
            VULMON: CVE-2017-14910 // 
            
            
            
            BID: 103502 // 
            
            
            
            JVNDB: JVNDB-2017-012721 // 
            
            
            
            CNNVD: CNNVD-201709-1246 // 
            
            
            
            NVD: CVE-2017-14910

REFERENCES
url:https://source.android.com/security/bulletin/2018-02-01
Trust: 2.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14910
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-14910
Trust: 0.8
url:http://code.google.com/android/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/125.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://source.android.com/security/bulletin/2018-02-01.html
Trust: 0.1
sources:
            
            
            VULHUB: VHN-105680 // 
            
            
            
            VULMON: CVE-2017-14910 // 
            
            
            
            BID: 103502 // 
            
            
            
            JVNDB: JVNDB-2017-012721 // 
            
            
            
            CNNVD: CNNVD-201709-1246 // 
            
            
            
            NVD: CVE-2017-14910

CREDITS
The vendor reported the issue.
Trust: 0.3
sources:
            
            
            BID: 103502

SOURCES
db:VULHUBid:VHN-105680
db:VULMONid:CVE-2017-14910
db:BIDid:103502
db:JVNDBid:JVNDB-2017-012721
db:CNNVDid:CNNVD-201709-1246
db:NVDid:CVE-2017-14910

LAST UPDATE DATE
2024-11-23T22:06:59.950000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-105680date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-14910date:2019-10-03T00:00:00
db:BIDid:103502date:2018-02-05T00:00:00
db:JVNDBid:JVNDB-2017-012721date:2018-04-09T00:00:00
db:CNNVDid:CNNVD-201709-1246date:2020-07-15T00:00:00
db:NVDid:CVE-2017-14910date:2024-11-21T03:13:44.400

SOURCES RELEASE DATE
db:VULHUBid:VHN-105680date:2018-02-23T00:00:00
db:VULMONid:CVE-2017-14910date:2018-02-23T00:00:00
db:BIDid:103502date:2018-02-05T00:00:00
db:JVNDBid:JVNDB-2017-012721date:2018-04-09T00:00:00
db:CNNVDid:CNNVD-201709-1246date:2017-09-29T00:00:00
db:NVDid:CVE-2017-14910date:2018-02-23T23:29:00.297