ID
VAR-201811-0012
CVE
CVE-2017-18318
TITLE
Snapdragon Automobile and Snapdragon Mobile Input validation vulnerability
Trust: 0.8
DESCRIPTION
Missing validation check on CRL issuer name in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A. Snapdragon Automobile and Snapdragon Mobile Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78244877, A-79420111, A-109677962, A-68326808, A-78240714, A-78240675, A-78241957, A-72950294, A-74235967, A-77484722, A-77484786, A-79420492, A-79420096, and A-109678529. Qualcomm MSM8996AU, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) for different platforms. An input validation vulnerability exists in Broadcast Services in several Qualcomm Snapdragon products
Trust: 2.07
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 810 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 820 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 650 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 820a | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 412 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 430 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 652 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | msm8996au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 410 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8996au | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 410 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 412 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 425 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 430 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 450 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 625 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 652 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 810 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 820 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 820a | scope: | - | version: | - | Trust: 0.8 |
| vendor: | model: | pixel xl | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel c | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus player | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 9 | Trust: 0.3 | |
| vendor: | model: | nexus 6p | scope: | - | version: | - | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 6 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 5x | Trust: 0.3 | |
| vendor: | model: | android | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | November 2018 Qualcomm Technologies, Inc. Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 0.8 |
| title: | Multiple Qualcomm Snapdragon Fixes for product input validation vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87056 | Trust: 0.6 |
| title: | Android Security Bulletins: Android Security Bulletin—November 2018 | url: | https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=2a07dd9b0f590517e161812c849b67e5 | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-18318 | Trust: 2.9 |
| db: | BID | id: | 105838 | Trust: 1.5 |
| db: | JVNDB | id: | JVNDB-2017-014333 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201811-832 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-109428 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2017-18318 | Trust: 0.1 |
REFERENCES
| url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 1.8 |
| url: | http://www.securityfocus.com/bid/105838 | Trust: 1.3 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18318 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-18318 | Trust: 0.8 |
| url: | https://source.android.com/security/bulletin/2018-11-01.html | Trust: 0.4 |
| url: | http://code.google.com/android/ | Trust: 0.3 |
| url: | http://www.qualcomm.com/ | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/20.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
The vendor reported these issues.
Trust: 0.3
SOURCES
| db: | VULHUB | id: | VHN-109428 |
| db: | VULMON | id: | CVE-2017-18318 |
| db: | BID | id: | 105838 |
| db: | JVNDB | id: | JVNDB-2017-014333 |
| db: | CNNVD | id: | CNNVD-201811-832 |
| db: | NVD | id: | CVE-2017-18318 |
LAST UPDATE DATE
2024-11-23T22:00:18.322000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-109428 | date: | 2018-12-26T00:00:00 |
| db: | VULMON | id: | CVE-2017-18318 | date: | 2018-12-26T00:00:00 |
| db: | BID | id: | 105838 | date: | 2018-11-05T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-014333 | date: | 2019-02-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201811-832 | date: | 2018-11-29T00:00:00 |
| db: | NVD | id: | CVE-2017-18318 | date: | 2024-11-21T03:19:50.710 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-109428 | date: | 2018-11-28T00:00:00 |
| db: | VULMON | id: | CVE-2017-18318 | date: | 2018-11-28T00:00:00 |
| db: | BID | id: | 105838 | date: | 2018-11-05T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-014333 | date: | 2019-02-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201811-832 | date: | 2018-11-29T00:00:00 |
| db: | NVD | id: | CVE-2017-18318 | date: | 2018-11-28T15:29:00.377 |