Sign-up

ID

VAR-201807-1844


CVE

CVE-2018-5882


TITLE

plural Qualcomm Snapdragon Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-007960

DESCRIPTION

While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 2.07

sources: NVD: CVE-2018-5882 // JVNDB: JVNDB-2018-007960 // BID: 104760 // VULHUB: VHN-135914 // VULMON: CVE-2018-5882

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 617scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 600scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 415scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 450scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 600scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 615scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 616scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 617scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 652scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 845scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdx20scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 104760 // JVNDB: JVNDB-2018-007960 // CNNVD: CNNVD-201807-404 // NVD: CVE-2018-5882

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5882
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-5882
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201807-404
value: CRITICAL

Trust: 0.6

VULHUB: VHN-135914
value: HIGH

Trust: 0.1

VULMON: CVE-2018-5882
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5882
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-135914
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5882
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-135914 // VULMON: CVE-2018-5882 // JVNDB: JVNDB-2018-007960 // CNNVD: CNNVD-201807-404 // NVD: CVE-2018-5882

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-135914 // JVNDB: JVNDB-2018-007960 // NVD: CVE-2018-5882

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-404

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201807-404

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007960

PATCH
title:July 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Qualcomm Snapdragon Automobile , Snapdragon Mobile  and Snapdragon Wear Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81825
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—July 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=25584b3d319ca9e7cb2fae9ec5dbf5e0
Trust: 0.1
title:SamsungReleaseNotesurl:https://github.com/samreleasenotes/SamsungReleaseNotes 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-5882 // 
            
            
            
            JVNDB: JVNDB-2018-007960 // 
            
            
            
            CNNVD: CNNVD-201807-404

EXTERNAL IDS
db:NVDid:CVE-2018-5882
Trust: 2.9
db:JVNDBid:JVNDB-2018-007960
Trust: 0.8
db:CNNVDid:CNNVD-201807-404
Trust: 0.6
db:BIDid:104760
Trust: 0.3
db:VULHUBid:VHN-135914
Trust: 0.1
db:VULMONid:CVE-2018-5882
Trust: 0.1
sources:
            
            
            VULHUB: VHN-135914 // 
            
            
            
            VULMON: CVE-2018-5882 // 
            
            
            
            BID: 104760 // 
            
            
            
            JVNDB: JVNDB-2018-007960 // 
            
            
            
            CNNVD: CNNVD-201807-404 // 
            
            
            
            NVD: CVE-2018-5882

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5882
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-5882
Trust: 0.8
url:http://code.google.com/android/
Trust: 0.3
url:http://www.qualcomm.com/
Trust: 0.3
url:https://source.android.com/security/bulletin/2018-07-01
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/125.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://source.android.com/security/bulletin/2018-07-01.html
Trust: 0.1
url:https://github.com/samreleasenotes/samsungreleasenotes
Trust: 0.1
sources:
            
            
            VULHUB: VHN-135914 // 
            
            
            
            VULMON: CVE-2018-5882 // 
            
            
            
            BID: 104760 // 
            
            
            
            JVNDB: JVNDB-2018-007960 // 
            
            
            
            CNNVD: CNNVD-201807-404 // 
            
            
            
            NVD: CVE-2018-5882

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 104760

SOURCES
db:VULHUBid:VHN-135914
db:VULMONid:CVE-2018-5882
db:BIDid:104760
db:JVNDBid:JVNDB-2018-007960
db:CNNVDid:CNNVD-201807-404
db:NVDid:CVE-2018-5882

LAST UPDATE DATE
2024-11-23T21:38:38.068000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-135914date:2019-10-03T00:00:00
db:VULMONid:CVE-2018-5882date:2019-10-03T00:00:00
db:BIDid:104760date:2018-07-02T00:00:00
db:JVNDBid:JVNDB-2018-007960date:2018-10-03T00:00:00
db:CNNVDid:CNNVD-201807-404date:2020-07-27T00:00:00
db:NVDid:CVE-2018-5882date:2024-11-21T04:09:37.880

SOURCES RELEASE DATE
db:VULHUBid:VHN-135914date:2018-07-06T00:00:00
db:VULMONid:CVE-2018-5882date:2018-07-06T00:00:00
db:BIDid:104760date:2018-07-02T00:00:00
db:JVNDBid:JVNDB-2018-007960date:2018-10-03T00:00:00
db:CNNVDid:CNNVD-201807-404date:2018-07-06T00:00:00
db:NVDid:CVE-2018-5882date:2018-07-06T17:29:01.757