ID

VAR-201807-1842


CVE

CVE-2018-5876


TITLE

plural Qualcomm Snapdragon Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-007778

DESCRIPTION

While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. Attackers can use mp4 files to exploit this vulnerability to cause denial of service or execute arbitrary code

Trust: 2.07

sources: NVD: CVE-2018-5876 // JVNDB: JVNDB-2018-007778 // BID: 104760 // VULHUB: VHN-135908 // VULMON: CVE-2018-5876

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 617scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 600scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 415scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 450scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 600scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 615scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 616scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 617scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 652scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 845scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdx20scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 104760 // JVNDB: JVNDB-2018-007778 // CNNVD: CNNVD-201807-406 // NVD: CVE-2018-5876

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5876
value: HIGH

Trust: 1.0

NVD: CVE-2018-5876
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-406
value: MEDIUM

Trust: 0.6

VULHUB: VHN-135908
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-5876
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-5876
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-135908
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5876
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-135908 // VULMON: CVE-2018-5876 // JVNDB: JVNDB-2018-007778 // CNNVD: CNNVD-201807-406 // NVD: CVE-2018-5876

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-135908 // JVNDB: JVNDB-2018-007778 // NVD: CVE-2018-5876

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-406

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201807-406

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:mdm9206_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:mdm9607_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:mdm9650_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:msm8909w_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:msm8996au_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_205_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_210_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_212_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_415_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_425_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_430_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_450_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_600_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_615_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_616_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_617_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_625_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_650_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_652_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_820_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_820a_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_835_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_845_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sdx20_firmware"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2018-007778

PATCH

title:July 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins

Trust: 0.8

title:Qualcomm Snapdragon Automobile , Snapdragon Mobile and Snapdragon Wear Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81827

Trust: 0.6

title:Android Security Bulletins: Android Security Bulletin—July 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=25584b3d319ca9e7cb2fae9ec5dbf5e0

Trust: 0.1

title:SamsungReleaseNotesurl:https://github.com/samreleasenotes/SamsungReleaseNotes

Trust: 0.1

sources: VULMON: CVE-2018-5876 // JVNDB: JVNDB-2018-007778 // CNNVD: CNNVD-201807-406

EXTERNAL IDS

db:NVDid:CVE-2018-5876

Trust: 2.9

db:JVNDBid:JVNDB-2018-007778

Trust: 0.8

db:CNNVDid:CNNVD-201807-406

Trust: 0.7

db:BIDid:104760

Trust: 0.3

db:VULHUBid:VHN-135908

Trust: 0.1

db:VULMONid:CVE-2018-5876

Trust: 0.1

sources: VULHUB: VHN-135908 // VULMON: CVE-2018-5876 // BID: 104760 // JVNDB: JVNDB-2018-007778 // CNNVD: CNNVD-201807-406 // NVD: CVE-2018-5876

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5876

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-5876

Trust: 0.8

url:http://code.google.com/android/

Trust: 0.3

url:http://www.qualcomm.com/

Trust: 0.3

url:https://source.android.com/security/bulletin/2018-07-01

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://source.android.com/security/bulletin/2018-07-01.html

Trust: 0.1

url:https://github.com/samreleasenotes/samsungreleasenotes

Trust: 0.1

sources: VULHUB: VHN-135908 // VULMON: CVE-2018-5876 // BID: 104760 // JVNDB: JVNDB-2018-007778 // CNNVD: CNNVD-201807-406 // NVD: CVE-2018-5876

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 104760

SOURCES

db:VULHUBid:VHN-135908
db:VULMONid:CVE-2018-5876
db:BIDid:104760
db:JVNDBid:JVNDB-2018-007778
db:CNNVDid:CNNVD-201807-406
db:NVDid:CVE-2018-5876

LAST UPDATE DATE

2024-11-23T21:38:37.897000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-135908date:2018-09-05T00:00:00
db:VULMONid:CVE-2018-5876date:2018-09-05T00:00:00
db:BIDid:104760date:2018-07-02T00:00:00
db:JVNDBid:JVNDB-2018-007778date:2018-09-26T00:00:00
db:CNNVDid:CNNVD-201807-406date:2018-07-10T00:00:00
db:NVDid:CVE-2018-5876date:2024-11-21T04:09:36.993

SOURCES RELEASE DATE

db:VULHUBid:VHN-135908date:2018-07-06T00:00:00
db:VULMONid:CVE-2018-5876date:2018-07-06T00:00:00
db:BIDid:104760date:2018-07-02T00:00:00
db:JVNDBid:JVNDB-2018-007778date:2018-09-26T00:00:00
db:CNNVDid:CNNVD-201807-406date:2018-07-06T00:00:00
db:NVDid:CVE-2018-5876date:2018-07-06T17:29:01.663