ID

VAR-201905-0693


CVE

CVE-2017-18173


TITLE

Integer overflow vulnerability in multiple Snapdragon products

Trust: 0.8

sources: JVNDB: JVNDB-2017-014447

DESCRIPTION

When an invalid Android Verified Boot signature with a very large length is used, an integer underflow occurs in Snapdragon Mobile in SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016. Multiple Snapdragon products contain an integer overflow vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. Qualcomm SD 820 and others are central processing unit (CPU) products of Qualcomm. An input validation error vulnerability exists in UEFI in several Qualcomm products. The vulnerability stems from the failure of the network system or product to properly validate the input data.

Trust: 2.07

sources: NVD: CVE-2017-18173 // JVNDB: JVNDB-2017-014447 // BID: 104760 // VULHUB: VHN-109269 // VULMON: CVE-2017-18173

AFFECTED PRODUCTS

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 810scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon high med 2016scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 427scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 435scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 450scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 810scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdm630scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 104760 // JVNDB: JVNDB-2017-014447 // NVD: CVE-2017-18173

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18173
value: HIGH

Trust: 1.0

NVD: CVE-2017-18173
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-145
value: HIGH

Trust: 0.6

VULHUB: VHN-109269
value: HIGH

Trust: 0.1

VULMON: CVE-2017-18173
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-18173
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109269
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18173
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109269 // VULMON: CVE-2017-18173 // JVNDB: JVNDB-2017-014447 // CNNVD: CNNVD-201905-145 // NVD: CVE-2017-18173

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.9

sources: VULHUB: VHN-109269 // JVNDB: JVNDB-2017-014447 // NVD: CVE-2017-18173

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-145

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201905-145

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014447

PATCH

title: August 2018 Qualcomm Technologies, Inc. Security Bulletin
url: https://www.qualcomm.com/company/product-security/bulletins

Trust: 0.8

title: Multiple Qualcomm Product input verification error vulnerability fixes
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92291

Trust: 0.6

title: Android Security Bulletins: Android Security Bulletin—July 2018
url: https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=25584b3d319ca9e7cb2fae9ec5dbf5e0

Trust: 0.1

title: SamsungReleaseNotes
url: https://github.com/samreleasenotes/SamsungReleaseNotes

Trust: 0.1

sources: VULMON: CVE-2017-18173 // JVNDB: JVNDB-2017-014447 // CNNVD: CNNVD-201905-145

EXTERNAL IDS

db:NVDid:CVE-2017-18173

Trust: 2.9

db:JVNDBid:JVNDB-2017-014447

Trust: 0.8

db:CNNVDid:CNNVD-201905-145

Trust: 0.7

db:BIDid:104760

Trust: 0.3

db:VULHUBid:VHN-109269

Trust: 0.1

db:VULMONid:CVE-2017-18173

Trust: 0.1

sources: VULHUB: VHN-109269 // VULMON: CVE-2017-18173 // BID: 104760 // JVNDB: JVNDB-2017-014447 // CNNVD: CNNVD-201905-145 // NVD: CVE-2017-18173

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-18173

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18173

Trust: 0.8

url:http://code.google.com/android/

Trust: 0.3

url:http://www.qualcomm.com/

Trust: 0.3

url:https://source.android.com/security/bulletin/2018-07-01

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/190.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://source.android.com/security/bulletin/2018-07-01.html

Trust: 0.1

url:https://github.com/samreleasenotes/samsungreleasenotes

Trust: 0.1

sources: VULHUB: VHN-109269 // VULMON: CVE-2017-18173 // BID: 104760 // JVNDB: JVNDB-2017-014447 // CNNVD: CNNVD-201905-145 // NVD: CVE-2017-18173

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 104760

SOURCES

db:VULHUBid:VHN-109269
db:VULMONid:CVE-2017-18173
db:BIDid:104760
db:JVNDBid:JVNDB-2017-014447
db:CNNVDid:CNNVD-201905-145
db:NVDid:CVE-2017-18173

LAST UPDATE DATE

2024-11-23T21:38:37.931000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-109269date:2019-05-07T00:00:00
db:VULMONid:CVE-2017-18173date:2019-05-07T00:00:00
db:BIDid:104760date:2018-07-02T00:00:00
db:JVNDBid:JVNDB-2017-014447date:2019-05-31T00:00:00
db:CNNVDid:CNNVD-201905-145date:2019-05-14T00:00:00
db:NVDid:CVE-2017-18173date:2024-11-21T03:19:28.997

SOURCES RELEASE DATE

db:VULHUBid:VHN-109269date:2019-05-06T00:00:00
db:VULMONid:CVE-2017-18173date:2019-05-06T00:00:00
db:BIDid:104760date:2018-07-02T00:00:00
db:JVNDBid:JVNDB-2017-014447date:2019-05-31T00:00:00
db:CNNVDid:CNNVD-201905-145date:2019-05-06T00:00:00
db:NVDid:CVE-2017-18173date:2019-05-06T23:29:00.487