Sign-up

ID

VAR-201901-0777


CVE

CVE-2018-11279


TITLE

plural snapdragon Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013847

DESCRIPTION

Lack of check of input size can make device memory get corrupted because of buffer overflow in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130. snapdragon automobile , snapdragon mobile , snapdragon wear Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78135902, A-66913713, A-67712316, A-79419833, A-109678200, A-78283451, A-78285196, A-78284194, A-78284753, A-78284517, A-78240177, A-78239686, A-78284545, A-109660689, A-78240324, A-68141338, A-78286046, A-73539037, A-73539235, A-71501115, A-33757308, A-74236942, A-77485184, A-77484529, A-33385206, A-79419639, A-79420511, A-109678338, and A-112279564. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). The Qualcomm MDM9206 is a central processing unit (CPU). SDX24 is a modem. A buffer overflow vulnerability exists in 1x in several Qualcomm products. A remote attacker could exploit this vulnerability to cause memory corruption on the device

Trust: 2.07

sources: NVD: CVE-2018-11279 // JVNDB: JVNDB-2018-013847 // BID: 106128 // VULHUB: VHN-121122 // VULMON: CVE-2018-11279

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9645scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9655scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 410scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion:*

Trust: 1.0

vendor:qualcommmodel:snapdragon high med 2016scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 810scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9635mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 412scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9615scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9635mscope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9645scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9655scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 106128 // JVNDB: JVNDB-2018-013847 // NVD: CVE-2018-11279

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11279
value: HIGH

Trust: 1.0

NVD: CVE-2018-11279
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201812-410
value: HIGH

Trust: 0.6

VULHUB: VHN-121122
value: HIGH

Trust: 0.1

VULMON: CVE-2018-11279
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-11279
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-121122
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11279
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-121122 // VULMON: CVE-2018-11279 // JVNDB: JVNDB-2018-013847 // CNNVD: CNNVD-201812-410 // NVD: CVE-2018-11279

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-121122 // JVNDB: JVNDB-2018-013847 // NVD: CVE-2018-11279

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201812-410

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201812-410

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013847

PATCH
title:December 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87658
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—December 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=90af33430b981dd4da141cb90e5f3889
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-11279 // 
            
            
            
            JVNDB: JVNDB-2018-013847 // 
            
            
            
            CNNVD: CNNVD-201812-410

EXTERNAL IDS
db:NVDid:CVE-2018-11279
Trust: 2.9
db:BIDid:106128
Trust: 2.1
db:JVNDBid:JVNDB-2018-013847
Trust: 0.8
db:CNNVDid:CNNVD-201812-410
Trust: 0.7
db:VULHUBid:VHN-121122
Trust: 0.1
db:VULMONid:CVE-2018-11279
Trust: 0.1
sources:
            
            
            VULHUB: VHN-121122 // 
            
            
            
            VULMON: CVE-2018-11279 // 
            
            
            
            BID: 106128 // 
            
            
            
            JVNDB: JVNDB-2018-013847 // 
            
            
            
            CNNVD: CNNVD-201812-410 // 
            
            
            
            NVD: CVE-2018-11279

REFERENCES
url:http://www.securityfocus.com/bid/106128
Trust: 2.5
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:https://source.android.com/security/bulletin/2018-12-01.html
Trust: 1.0
url:http://code.google.com/android/
Trust: 0.9
url:http://www.qualcomm.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11279
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-11279
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-121122 // 
            
            
            
            VULMON: CVE-2018-11279 // 
            
            
            
            BID: 106128 // 
            
            
            
            JVNDB: JVNDB-2018-013847 // 
            
            
            
            CNNVD: CNNVD-201812-410 // 
            
            
            
            NVD: CVE-2018-11279

CREDITS
The vendor reported these issues.
Trust: 0.9
sources:
            
            
            BID: 106128 // 
            
            
            
            CNNVD: CNNVD-201812-410

SOURCES
db:VULHUBid:VHN-121122
db:VULMONid:CVE-2018-11279
db:BIDid:106128
db:JVNDBid:JVNDB-2018-013847
db:CNNVDid:CNNVD-201812-410
db:NVDid:CVE-2018-11279

LAST UPDATE DATE
2024-11-23T19:51:18.066000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-121122date:2019-01-25T00:00:00
db:VULMONid:CVE-2018-11279date:2019-01-25T00:00:00
db:BIDid:106128date:2018-12-03T00:00:00
db:JVNDBid:JVNDB-2018-013847date:2019-03-04T00:00:00
db:CNNVDid:CNNVD-201812-410date:2019-04-16T00:00:00
db:NVDid:CVE-2018-11279date:2024-11-21T03:43:02.923

SOURCES RELEASE DATE
db:VULHUBid:VHN-121122date:2019-01-18T00:00:00
db:VULMONid:CVE-2018-11279date:2019-01-18T00:00:00
db:BIDid:106128date:2018-12-03T00:00:00
db:JVNDBid:JVNDB-2018-013847date:2019-03-04T00:00:00
db:CNNVDid:CNNVD-201812-410date:2018-12-11T00:00:00
db:NVDid:CVE-2018-11279date:2019-01-18T22:29:00.410