ID
VAR-201810-0062
CVE
CVE-2017-18298
TITLE
plural Snapdragon In product NULL Pointer dereference vulnerability
Trust: 0.8
DESCRIPTION
Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 . Snapdragon Automobile , Snapdragon Mobile , Snapdragon Wear Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 is a central processing unit (CPU) product of Qualcomm (Qualcomm). There are security vulnerabilities in Broadcast in several Qualcomm Snapdragon products. The vulnerability is caused by SDMX API not performing input validation. An attacker could exploit this vulnerability to cause a denial of service (null pointer backreference)
Trust: 1.8
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | sda660 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 810 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 835 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 845 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 412 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 410 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 430 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 617 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 850 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | msm8996au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 415 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 205 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 212 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 652 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 820a | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 615 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 820 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 616 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 210 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8996au | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 205 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 820a | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sda 660 | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-476 | Trust: 1.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
other
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | October 2018 Qualcomm Technologies, Inc. Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 0.8 |
| title: | Multiple Qualcomm Snapdragon product Broadcast Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86257 | Trust: 0.6 |
| title: | Android Security Bulletins: Android Security Bulletin—August 2018 | url: | https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=746dc14fcd3f5e139648cfdc9d9039a9 | Trust: 0.1 |
| title: | SamsungReleaseNotes | url: | https://github.com/samreleasenotes/SamsungReleaseNotes | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-18298 | Trust: 2.6 |
| db: | SECTRACK | id: | 1041432 | Trust: 1.2 |
| db: | JVNDB | id: | JVNDB-2017-014316 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201810-1159 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-109406 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2017-18298 | Trust: 0.1 |
REFERENCES
| url: | https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components | Trust: 1.8 |
| url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 1.8 |
| url: | http://www.securitytracker.com/id/1041432 | Trust: 1.2 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18298 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-18298 | Trust: 0.8 |
| url: | https://cwe.mitre.org/data/definitions/476.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://source.android.com/security/bulletin/2018-08-01.html | Trust: 0.1 |
| url: | https://github.com/samreleasenotes/samsungreleasenotes | Trust: 0.1 |
SOURCES
| db: | VULHUB | id: | VHN-109406 |
| db: | VULMON | id: | CVE-2017-18298 |
| db: | JVNDB | id: | JVNDB-2017-014316 |
| db: | CNNVD | id: | CNNVD-201810-1159 |
| db: | NVD | id: | CVE-2017-18298 |
LAST UPDATE DATE
2024-11-23T21:24:31.921000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-109406 | date: | 2018-12-10T00:00:00 |
| db: | VULMON | id: | CVE-2017-18298 | date: | 2018-12-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-014316 | date: | 2019-01-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201810-1159 | date: | 2020-07-07T00:00:00 |
| db: | NVD | id: | CVE-2017-18298 | date: | 2024-11-21T03:19:48.147 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-109406 | date: | 2018-10-23T00:00:00 |
| db: | VULMON | id: | CVE-2017-18298 | date: | 2018-10-23T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-014316 | date: | 2019-01-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201810-1159 | date: | 2018-10-24T00:00:00 |
| db: | NVD | id: | CVE-2017-18298 | date: | 2018-10-23T13:29:01.883 |