Sign-up

ID

VAR-201901-1323


CVE

CVE-2018-5868


TITLE

snapdragon automobile and snapdragon mobile Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013785

DESCRIPTION

Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130. snapdragon automobile and snapdragon mobile Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78135902, A-66913713, A-67712316, A-79419833, A-109678200, A-78283451, A-78285196, A-78284194, A-78284753, A-78284517, A-78240177, A-78239686, A-78284545, A-109660689, A-78240324, A-68141338, A-78286046, A-73539037, A-73539235, A-71501115, A-33757308, A-74236942, A-77485184, A-77484529, A-33385206, A-79419639, A-79420511, A-109678338, and A-112279564. Qualcomm MSM8996AU and others are products of Qualcomm (Qualcomm). The Qualcomm MSM8996AU is a central processing unit (CPU). SDX24 is a modem. TrustZone is one of the system security components. There is a buffer overflow vulnerability in TrustZone in several Qualcomm products. The vulnerability is caused by the program not validating the input size value

Trust: 2.07

sources: NVD: CVE-2018-5868 // JVNDB: JVNDB-2018-013785 // BID: 106128 // VULHUB: VHN-135900 // VULMON: CVE-2018-5868

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 450scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 670scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 710scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 712scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 106128 // JVNDB: JVNDB-2018-013785 // NVD: CVE-2018-5868

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5868
value: HIGH

Trust: 1.0

NVD: CVE-2018-5868
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201812-428
value: HIGH

Trust: 0.6

VULHUB: VHN-135900
value: HIGH

Trust: 0.1

VULMON: CVE-2018-5868
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5868
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-135900
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5868
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-135900 // VULMON: CVE-2018-5868 // JVNDB: JVNDB-2018-013785 // CNNVD: CNNVD-201812-428 // NVD: CVE-2018-5868

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-135900 // JVNDB: JVNDB-2018-013785 // NVD: CVE-2018-5868

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201812-428

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201812-428

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013785

PATCH
title:December 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87676
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—December 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=90af33430b981dd4da141cb90e5f3889
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-5868 // 
            
            
            
            JVNDB: JVNDB-2018-013785 // 
            
            
            
            CNNVD: CNNVD-201812-428

EXTERNAL IDS
db:NVDid:CVE-2018-5868
Trust: 2.9
db:BIDid:106128
Trust: 2.1
db:JVNDBid:JVNDB-2018-013785
Trust: 0.8
db:CNNVDid:CNNVD-201812-428
Trust: 0.7
db:VULHUBid:VHN-135900
Trust: 0.1
db:VULMONid:CVE-2018-5868
Trust: 0.1
sources:
            
            
            VULHUB: VHN-135900 // 
            
            
            
            VULMON: CVE-2018-5868 // 
            
            
            
            BID: 106128 // 
            
            
            
            JVNDB: JVNDB-2018-013785 // 
            
            
            
            CNNVD: CNNVD-201812-428 // 
            
            
            
            NVD: CVE-2018-5868

REFERENCES
url:http://www.securityfocus.com/bid/106128
Trust: 2.5
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:https://source.android.com/security/bulletin/2018-12-01.html
Trust: 1.0
url:http://code.google.com/android/
Trust: 0.9
url:http://www.qualcomm.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5868
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-5868
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-135900 // 
            
            
            
            VULMON: CVE-2018-5868 // 
            
            
            
            BID: 106128 // 
            
            
            
            JVNDB: JVNDB-2018-013785 // 
            
            
            
            CNNVD: CNNVD-201812-428 // 
            
            
            
            NVD: CVE-2018-5868

CREDITS
The vendor reported these issues.
Trust: 0.9
sources:
            
            
            BID: 106128 // 
            
            
            
            CNNVD: CNNVD-201812-428

SOURCES
db:VULHUBid:VHN-135900
db:VULMONid:CVE-2018-5868
db:BIDid:106128
db:JVNDBid:JVNDB-2018-013785
db:CNNVDid:CNNVD-201812-428
db:NVDid:CVE-2018-5868

LAST UPDATE DATE
2024-11-23T20:43:18.224000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-135900date:2019-01-24T00:00:00
db:VULMONid:CVE-2018-5868date:2019-01-24T00:00:00
db:BIDid:106128date:2018-12-03T00:00:00
db:JVNDBid:JVNDB-2018-013785date:2019-03-01T00:00:00
db:CNNVDid:CNNVD-201812-428date:2019-04-16T00:00:00
db:NVDid:CVE-2018-5868date:2024-11-21T04:09:34.780

SOURCES RELEASE DATE
db:VULHUBid:VHN-135900date:2019-01-18T00:00:00
db:VULMONid:CVE-2018-5868date:2019-01-18T00:00:00
db:BIDid:106128date:2018-12-03T00:00:00
db:JVNDBid:JVNDB-2018-013785date:2019-03-01T00:00:00
db:CNNVDid:CNNVD-201812-428date:2018-12-11T00:00:00
db:NVDid:CVE-2018-5868date:2019-01-18T22:29:00.753