ID

VAR-201807-1823


CVE

CVE-2018-5894


TITLE

Out-of-bounds vulnerability in multiple Qualcomm Snapdragon products

Trust: 0.8

sources: JVNDB: JVNDB-2018-007779

DESCRIPTION

Improper validation of array index in Multimedia: while parsing an mp4 file in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-73539080, A-73539065, A-72951191, A-72950815, A-72950554, A-74236854, and A-74235510. Attackers can exploit this vulnerability to cause out-of-bounds access.

Trust: 2.07

sources: NVD: CVE-2018-5894 // JVNDB: JVNDB-2018-007779 // BID: 104759 // VULHUB: VHN-135926 // VULMON: CVE-2018-5894

AFFECTED PRODUCTS

vendor: qualcomm | model: sd 205 | scope: eq | version: -

Trust: 1.6

vendor: qualcomm | model: sd 212 | scope: eq | version: -

Trust: 1.6

vendor: qualcomm | model: sd 210 | scope: eq | version: -

Trust: 1.6

vendor: qualcomm | model: msm8996au | scope: eq | version: -

Trust: 1.6

vendor: qualcomm | model: msm8909w | scope: eq | version: -

Trust: 1.6

vendor: qualcomm | model: sd 425 | scope: eq | version: -

Trust: 1.6

vendor: qualcomm | model: sd 430 | scope: eq | version: -

Trust: 1.6

vendor: qualcomm | model: mdm9650 | scope: eq | version: -

Trust: 1.6

vendor: qualcomm | model: mdm9206 | scope: eq | version: -

Trust: 1.6

vendor: qualcomm | model: mdm9607 | scope: eq | version: -

Trust: 1.6

vendor: qualcomm | model: sd 415 | scope: eq | version: -

Trust: 1.0

vendor: qualcomm | model: sd 617 | scope: eq | version: -

Trust: 1.0

vendor: qualcomm | model: sd 650 | scope: eq | version: -

Trust: 1.0

vendor: qualcomm | model: sd 835 | scope: eq | version: -

Trust: 1.0

vendor: qualcomm | model: sd 652 | scope: eq | version: -

Trust: 1.0

vendor: qualcomm | model: sd 820a | scope: eq | version: -

Trust: 1.0

vendor: qualcomm | model: sd 615 | scope: eq | version: -

Trust: 1.0

vendor: qualcomm | model: sd 845 | scope: eq | version: -

Trust: 1.0

vendor: qualcomm | model: sd 820 | scope: eq | version: -

Trust: 1.0

vendor: qualcomm | model: sd 450 | scope: eq | version: -

Trust: 1.0

vendor: qualcomm | model: sd 616 | scope: eq | version: -

Trust: 1.0

vendor: qualcomm | model: sd 600 | scope: eq | version: -

Trust: 1.0

vendor: qualcomm | model: sdx20 | scope: eq | version: -

Trust: 1.0

vendor: qualcomm | model: sd 625 | scope: eq | version: -

Trust: 1.0

vendor: qualcomm | model: mdm9206 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: mdm9607 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: mdm9650 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: msm8909w | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: msm8996au | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sd 205 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sd 210 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sd 212 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sd 415 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sd 425 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sd 430 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sd 450 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sd 600 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sd 615 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sd 616 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sd 617 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sd 625 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sd 650 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sd 652 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sd 820 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sd 820a | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sd 835 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sd 845 | scope: - | version: -

Trust: 0.8

vendor: qualcomm | model: sdx20 | scope: - | version: -

Trust: 0.8

vendor: google | model: pixel xl | scope: eq | version: 0

Trust: 0.3

vendor: google | model: pixel c | scope: eq | version: 0

Trust: 0.3

vendor: google | model: pixel | scope: eq | version: 0

Trust: 0.3

vendor: google | model: nexus player | scope: eq | version: 0

Trust: 0.3

vendor: google | model: nexus | scope: eq | version: 9

Trust: 0.3

vendor: google | model: nexus 6p | scope: - | version: -

Trust: 0.3

vendor: google | model: nexus | scope: eq | version: 6

Trust: 0.3

vendor: google | model: nexus | scope: eq | version: 5x

Trust: 0.3

vendor: google | model: android | scope: eq | version: 0

Trust: 0.3

sources: BID: 104759 // JVNDB: JVNDB-2018-007779 // CNNVD: CNNVD-201807-394 // NVD: CVE-2018-5894

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-5894
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-5894
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201807-394
value: MEDIUM

Trust: 0.6

VULHUB: VHN-135926
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-5894
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-5894
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-135926
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-5894
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-135926 // VULMON: CVE-2018-5894 // JVNDB: JVNDB-2018-007779 // CNNVD: CNNVD-201807-394 // NVD: CVE-2018-5894

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

problemtype:CWE-129

Trust: 1.9

sources: VULHUB: VHN-135926 // JVNDB: JVNDB-2018-007779 // NVD: CVE-2018-5894

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-394

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-394

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007779

PATCH

title: July 2018 Qualcomm Technologies, Inc. Security Bulletin | url: https://www.qualcomm.com/company/product-security/bulletins

Trust: 0.8

title: Qualcomm Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81815

Trust: 0.6

title: Android Security Bulletins: Android Security Bulletin—June 2018 | url: https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=cc496c56e2bf669809bfb568f59af8e1

Trust: 0.1

title: SamsungReleaseNotes | url: https://github.com/samreleasenotes/SamsungReleaseNotes

Trust: 0.1

sources: VULMON: CVE-2018-5894 // JVNDB: JVNDB-2018-007779 // CNNVD: CNNVD-201807-394

EXTERNAL IDS

db: NVD | id: CVE-2018-5894

Trust: 2.9

db: JVNDB | id: JVNDB-2018-007779

Trust: 0.8

db: CNNVD | id: CNNVD-201807-394

Trust: 0.7

db: BID | id: 104759

Trust: 0.3

db: VULHUB | id: VHN-135926

Trust: 0.1

db: VULMON | id: CVE-2018-5894

Trust: 0.1

sources: VULHUB: VHN-135926 // VULMON: CVE-2018-5894 // BID: 104759 // JVNDB: JVNDB-2018-007779 // CNNVD: CNNVD-201807-394 // NVD: CVE-2018-5894

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5894

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-5894

Trust: 0.8

url:http://code.google.com/android/

Trust: 0.3

url:http://www.qualcomm.com/

Trust: 0.3

url:https://source.android.com/security/bulletin/2018-06-01

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/129.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://source.android.com/security/bulletin/2018-06-01.html

Trust: 0.1

url:https://github.com/samreleasenotes/samsungreleasenotes

Trust: 0.1

sources: VULHUB: VHN-135926 // VULMON: CVE-2018-5894 // BID: 104759 // JVNDB: JVNDB-2018-007779 // CNNVD: CNNVD-201807-394 // NVD: CVE-2018-5894

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 104759

SOURCES

db: VULHUB | id: VHN-135926
db: VULMON | id: CVE-2018-5894
db: BID | id: 104759
db: JVNDB | id: JVNDB-2018-007779
db: CNNVD | id: CNNVD-201807-394
db: NVD | id: CVE-2018-5894

LAST UPDATE DATE

2024-11-23T22:06:40.383000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-135926 | date: 2018-09-05T00:00:00
db: VULMON | id: CVE-2018-5894 | date: 2018-09-05T00:00:00
db: BID | id: 104759 | date: 2018-06-06T00:00:00
db: JVNDB | id: JVNDB-2018-007779 | date: 2018-09-26T00:00:00
db: CNNVD | id: CNNVD-201807-394 | date: 2018-07-10T00:00:00
db: NVD | id: CVE-2018-5894 | date: 2024-11-21T04:09:39.460

SOURCES RELEASE DATE

db: VULHUB | id: VHN-135926 | date: 2018-07-06T00:00:00
db: VULMON | id: CVE-2018-5894 | date: 2018-07-06T00:00:00
db: BID | id: 104759 | date: 2018-06-06T00:00:00
db: JVNDB | id: JVNDB-2018-007779 | date: 2018-09-26T00:00:00
db: CNNVD | id: CNNVD-201807-394 | date: 2018-07-06T00:00:00
db: NVD | id: CVE-2018-5894 | date: 2018-07-06T17:29:02.240