ID

VAR-201905-0690


CVE

CVE-2017-18274


TITLE

Array index validation vulnerability in multiple Snapdragon products

Trust: 0.8

sources: JVNDB: JVNDB-2017-014443

DESCRIPTION

While iterating through the models contained in a fixed-size array in the actData structure, which also stores an incorrect number of models that is greater than the size of the array, a buffer overflow occurs in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835. Multiple Snapdragon products contain an array index validation vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. Qualcomm MDM9206 is a central processing unit (CPU) product of Qualcomm. An input validation error vulnerability exists in QSSP in several Qualcomm products. The vulnerability stems from the failure of the network system or product to properly validate the input data.

Trust: 2.07

sources: NVD: CVE-2017-18274 // JVNDB: JVNDB-2017-014443 // BID: 104760 // VULHUB: VHN-109380 // VULMON: CVE-2017-18274

AFFECTED PRODUCTS

vendor: qualcomm, model: mdm9206, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 820, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 450, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 205, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 212, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 617, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 650, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 835, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 652, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 425, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 210, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 430, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 820a, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9607, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 625, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9650, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9206, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: mdm9607, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: mdm9650, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 205, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 210, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 212, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 425, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 430, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 450, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 617, scope: -, version: -

Trust: 0.8

vendor: google, model: pixel xl, scope: eq, version: 0

Trust: 0.3

vendor: google, model: pixel c, scope: eq, version: 0

Trust: 0.3

vendor: google, model: pixel, scope: eq, version: 0

Trust: 0.3

vendor: google, model: nexus player, scope: eq, version: 0

Trust: 0.3

vendor: google, model: nexus, scope: eq, version: 9

Trust: 0.3

vendor: google, model: nexus 6p, scope: -, version: -

Trust: 0.3

vendor: google, model: nexus, scope: eq, version: 6

Trust: 0.3

vendor: google, model: nexus, scope: eq, version: 5x

Trust: 0.3

vendor: google, model: android, scope: eq, version: 0

Trust: 0.3

sources: BID: 104760 // JVNDB: JVNDB-2017-014443 // NVD: CVE-2017-18274

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18274
value: HIGH

Trust: 1.0

NVD: CVE-2017-18274
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-146
value: HIGH

Trust: 0.6

VULHUB: VHN-109380
value: HIGH

Trust: 0.1

VULMON: CVE-2017-18274
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-18274
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109380
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18274
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109380 // VULMON: CVE-2017-18274 // JVNDB: JVNDB-2017-014443 // CNNVD: CNNVD-201905-146 // NVD: CVE-2017-18274

PROBLEMTYPE DATA

problemtype: CWE-129

Trust: 1.9

sources: VULHUB: VHN-109380 // JVNDB: JVNDB-2017-014443 // NVD: CVE-2017-18274

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-146

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201905-146

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014443

PATCH

title: August 2018 Qualcomm Technologies, Inc. Security Bulletin
url: https://www.qualcomm.com/company/product-security/bulletins

Trust: 0.8

title: Multiple Qualcomm Product input verification error vulnerability fixes
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92292

Trust: 0.6

title: Android Security Bulletins: Android Security Bulletin—July 2018
url: https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=25584b3d319ca9e7cb2fae9ec5dbf5e0

Trust: 0.1

title: SamsungReleaseNotes
url: https://github.com/samreleasenotes/SamsungReleaseNotes

Trust: 0.1

sources: VULMON: CVE-2017-18274 // JVNDB: JVNDB-2017-014443 // CNNVD: CNNVD-201905-146

EXTERNAL IDS

db: NVD, id: CVE-2017-18274

Trust: 2.9

db: JVNDB, id: JVNDB-2017-014443

Trust: 0.8

db: CNNVD, id: CNNVD-201905-146

Trust: 0.7

db: BID, id: 104760

Trust: 0.3

db: VULHUB, id: VHN-109380

Trust: 0.1

db: VULMON, id: CVE-2017-18274

Trust: 0.1

sources: VULHUB: VHN-109380 // VULMON: CVE-2017-18274 // BID: 104760 // JVNDB: JVNDB-2017-014443 // CNNVD: CNNVD-201905-146 // NVD: CVE-2017-18274

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-18274

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18274

Trust: 0.8

url:http://code.google.com/android/

Trust: 0.3

url:http://www.qualcomm.com/

Trust: 0.3

url:https://source.android.com/security/bulletin/2018-07-01

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/129.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://source.android.com/security/bulletin/2018-07-01.html

Trust: 0.1

url:https://github.com/samreleasenotes/samsungreleasenotes

Trust: 0.1

sources: VULHUB: VHN-109380 // VULMON: CVE-2017-18274 // BID: 104760 // JVNDB: JVNDB-2017-014443 // CNNVD: CNNVD-201905-146 // NVD: CVE-2017-18274

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 104760

SOURCES

db: VULHUB, id: VHN-109380
db: VULMON, id: CVE-2017-18274
db: BID, id: 104760
db: JVNDB, id: JVNDB-2017-014443
db: CNNVD, id: CNNVD-201905-146
db: NVD, id: CVE-2017-18274

LAST UPDATE DATE

2024-11-23T21:38:37.966000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-109380, date: 2019-05-07T00:00:00
db: VULMON, id: CVE-2017-18274, date: 2019-05-07T00:00:00
db: BID, id: 104760, date: 2018-07-02T00:00:00
db: JVNDB, id: JVNDB-2017-014443, date: 2019-05-31T00:00:00
db: CNNVD, id: CNNVD-201905-146, date: 2019-05-14T00:00:00
db: NVD, id: CVE-2017-18274, date: 2024-11-21T03:19:44.660

SOURCES RELEASE DATE

db: VULHUB, id: VHN-109380, date: 2019-05-06T00:00:00
db: VULMON, id: CVE-2017-18274, date: 2019-05-06T00:00:00
db: BID, id: 104760, date: 2018-07-02T00:00:00
db: JVNDB, id: JVNDB-2017-014443, date: 2019-05-31T00:00:00
db: CNNVD, id: CNNVD-201905-146, date: 2019-05-06T00:00:00
db: NVD, id: CVE-2017-18274, date: 2019-05-06T23:29:00.547