Details of VAR-201803-1349

ID

VAR-201803-1349

CVE

CVE-2017-17773

TITLE

plural Qualcomm Snapdragon Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012966

DESCRIPTION

In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD 650/52,SD 800,SD 808,SD 810,SD 820,SD 820Am,SD 835,SD 845,MSM8909W, improper input validation in video_fmt_mp4r_process_atom_avc1() causes a potential buffer overflow. plural Qualcomm Snapdragon The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities. Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm closed-source components is one of the closed-source components developed by Qualcomm (Qualcomm). There is a buffer overflow vulnerability in the Qualcomm closed-source component in Android. The vulnerability is caused by the program not performing input validation correctly in the 'video_fmt_mp4r_process_atom_avc1()' function. An attacker could exploit this vulnerability to execute code or cause a denial of service

Trust: 2.07

sources: NVD: CVE-2017-17773 // JVNDB: JVNDB-2017-012966 // BID: 103292 // VULHUB: VHN-108829 // VULMON: CVE-2017-17773

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sd 205	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 602a	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 810	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 800	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 600	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 400	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 808	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 415	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 212	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 617	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 652	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	s820am	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 616	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 412	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 410	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8909w	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	s820am	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 205	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 210	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 212	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 400	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 410	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 412	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 415	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 425	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 430	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 450	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 600	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 602a	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 615	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 616	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 617	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 625	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 650	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 652	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 800	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 808	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 810	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 820	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 835	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 845	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.3

sources: BID: 103292 // JVNDB: JVNDB-2017-012966 // CNNVD: CNNVD-201712-814 // NVD: CVE-2017-17773

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17773
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-17773
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201712-814
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-108829
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-17773
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-17773
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-108829
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-17773
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-108829 // VULMON: CVE-2017-17773 // JVNDB: JVNDB-2017-012966 // CNNVD: CNNVD-201712-814 // NVD: CVE-2017-17773

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.1
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-108829 // JVNDB: JVNDB-2017-012966 // NVD: CVE-2017-17773

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-814

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201712-814

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012966

PATCH

title:	Android のセキュリティに関する公開情報 - 2018 年 3 月	url:	https://source.android.com/security/bulletin/2018-03-01	Trust: 0.8
title:	Qualcomm Snapdragon	url:	https://www.qualcomm.co.jp/snapdragon	Trust: 0.8
title:	Android Qualcomm Fixes for closed source component buffer error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100248	Trust: 0.6
title:	Android Security Bulletins: Android Security Bulletin—March 2018	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=1a3e17269a43938b9ba10d08fa9e1496	Trust: 0.1

sources: VULMON: CVE-2017-17773 // JVNDB: JVNDB-2017-012966 // CNNVD: CNNVD-201712-814

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17773	Trust: 2.9
db:	BID	id:	103292	Trust: 2.1
db:	JVNDB	id:	JVNDB-2017-012966	Trust: 0.8
db:	CNNVD	id:	CNNVD-201712-814	Trust: 0.7
db:	VULHUB	id:	VHN-108829	Trust: 0.1
db:	VULMON	id:	CVE-2017-17773	Trust: 0.1

sources: VULHUB: VHN-108829 // VULMON: CVE-2017-17773 // BID: 103292 // JVNDB: JVNDB-2017-012966 // CNNVD: CNNVD-201712-814 // NVD: CVE-2017-17773

REFERENCES

url:	https://source.android.com/security/bulletin/2018-03-01	Trust: 2.1
url:	http://www.securityfocus.com/bid/103292	Trust: 1.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17773	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17773	Trust: 0.8
url:	http://code.google.com/android/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://source.android.com/security/bulletin/2018-03-01.html	Trust: 0.1

sources: VULHUB: VHN-108829 // VULMON: CVE-2017-17773 // BID: 103292 // JVNDB: JVNDB-2017-012966 // CNNVD: CNNVD-201712-814 // NVD: CVE-2017-17773

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 103292

SOURCES

db:	VULHUB	id:	VHN-108829
db:	VULMON	id:	CVE-2017-17773
db:	BID	id:	103292
db:	JVNDB	id:	JVNDB-2017-012966
db:	CNNVD	id:	CNNVD-201712-814
db:	NVD	id:	CVE-2017-17773

LAST UPDATE DATE

2024-11-23T22:06:58.865000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-108829	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2017-17773	date:	2019-10-03T00:00:00
db:	BID	id:	103292	date:	2018-03-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-012966	date:	2018-05-11T00:00:00
db:	CNNVD	id:	CNNVD-201712-814	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-17773	date:	2024-11-21T03:18:37.653

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-108829	date:	2018-03-15T00:00:00
db:	VULMON	id:	CVE-2017-17773	date:	2018-03-15T00:00:00
db:	BID	id:	103292	date:	2018-03-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-012966	date:	2018-05-11T00:00:00
db:	CNNVD	id:	CNNVD-201712-814	date:	2017-12-21T00:00:00
db:	NVD	id:	CVE-2017-17773	date:	2018-03-15T21:29:00.573