ID

VAR-201810-0055


CVE

CVE-2017-18283


TITLE

Snapdragon Mobile Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014300

DESCRIPTION

Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660. Snapdragon Mobile contains an input validation vulnerability. A denial-of-service (DoS) condition may result. Qualcomm QCA9379 and others are products of Qualcomm. Qualcomm QCA9379 is a WiFi module. SD 210 and the others are central processing unit (CPU) products applied to different platforms. The Bluetooth controller is one of their components. An attacker could exploit this vulnerability to cause memory corruption. The following products (for mobile devices) are affected: Qualcomm QCA9379; SD 210; SD 212; SD 205; SD 625; SD 835; SD 845; SD 850; SDA660.

Trust: 1.8

sources: NVD: CVE-2017-18283 // JVNDB: JVNDB-2017-014300 // VULHUB: VHN-109390 // VULMON: CVE-2017-18283

AFFECTED PRODUCTS

vendor: qualcomm, model: sd 205, scope: eq, version: -

Trust: 1.6

vendor: qualcomm, model: sd 210, scope: eq, version: -

Trust: 1.6

vendor: qualcomm, model: sd 212, scope: eq, version: -

Trust: 1.6

vendor: qualcomm, model: sda660, scope: eq, version: -

Trust: 1.6

vendor: qualcomm, model: sd 625, scope: eq, version: -

Trust: 1.6

vendor: qualcomm, model: sd 835, scope: eq, version: -

Trust: 1.6

vendor: qualcomm, model: sd 845, scope: eq, version: -

Trust: 1.6

vendor: qualcomm, model: qca9379, scope: eq, version: -

Trust: 1.6

vendor: qualcomm, model: sd 850, scope: eq, version: -

Trust: 1.6

vendor: qualcomm, model: qca9379, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 205, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 210, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 212, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 625, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 835, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 845, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 850, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sda 660, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-014300 // CNNVD: CNNVD-201810-1152 // NVD: CVE-2017-18283

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18283
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-18283
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-1152
value: MEDIUM

Trust: 0.6

VULHUB: VHN-109390
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-18283
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-18283
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109390
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18283
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109390 // VULMON: CVE-2017-18283 // JVNDB: JVNDB-2017-014300 // CNNVD: CNNVD-201810-1152 // NVD: CVE-2017-18283

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.1

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-109390 // JVNDB: JVNDB-2017-014300 // NVD: CVE-2017-18283

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1152

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1152

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014300

PATCH

title: October 2018 Qualcomm Technologies, Inc. Security Bulletin
url: https://www.qualcomm.com/company/product-security/bulletins

Trust: 0.8

title: Fix for the input validation vulnerability in the Bluetooth controller of multiple Qualcomm Snapdragon products
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86250

Trust: 0.6

title: Android Security Bulletins: Android Security Bulletin—August 2018
url: https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=746dc14fcd3f5e139648cfdc9d9039a9

Trust: 0.1

title: SamsungReleaseNotes
url: https://github.com/samreleasenotes/SamsungReleaseNotes

Trust: 0.1

sources: VULMON: CVE-2017-18283 // JVNDB: JVNDB-2017-014300 // CNNVD: CNNVD-201810-1152

EXTERNAL IDS

db: NVD, id: CVE-2017-18283

Trust: 2.6

db: SECTRACK, id: 1041432

Trust: 1.8

db: JVNDB, id: JVNDB-2017-014300

Trust: 0.8

db: CNNVD, id: CNNVD-201810-1152

Trust: 0.7

db: VULHUB, id: VHN-109390

Trust: 0.1

db: VULMON, id: CVE-2017-18283

Trust: 0.1

sources: VULHUB: VHN-109390 // VULMON: CVE-2017-18283 // JVNDB: JVNDB-2017-014300 // CNNVD: CNNVD-201810-1152 // NVD: CVE-2017-18283

REFERENCES

url:https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components

Trust: 1.8

url:https://www.qualcomm.com/company/product-security/bulletins

Trust: 1.8

url:http://www.securitytracker.com/id/1041432

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18283

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-18283

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://source.android.com/security/bulletin/2018-08-01.html

Trust: 0.1

url:https://github.com/samreleasenotes/samsungreleasenotes

Trust: 0.1

sources: VULHUB: VHN-109390 // VULMON: CVE-2017-18283 // JVNDB: JVNDB-2017-014300 // CNNVD: CNNVD-201810-1152 // NVD: CVE-2017-18283

SOURCES

db: VULHUB, id: VHN-109390
db: VULMON, id: CVE-2017-18283
db: JVNDB, id: JVNDB-2017-014300
db: CNNVD, id: CNNVD-201810-1152
db: NVD, id: CVE-2017-18283

LAST UPDATE DATE

2024-08-14T12:13:24.674000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-109390, date: 2019-10-03T00:00:00
db: VULMON, id: CVE-2017-18283, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2017-014300, date: 2019-01-11T00:00:00
db: CNNVD, id: CNNVD-201810-1152, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-18283, date: 2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db: VULHUB, id: VHN-109390, date: 2018-10-23T00:00:00
db: VULMON, id: CVE-2017-18283, date: 2018-10-23T00:00:00
db: JVNDB, id: JVNDB-2017-014300, date: 2019-01-11T00:00:00
db: CNNVD, id: CNNVD-201810-1152, date: 2018-10-24T00:00:00
db: NVD, id: CVE-2017-18283, date: 2018-10-23T13:29:00.977