Details of VAR-201905-0696

ID

VAR-201905-0696

CVE

CVE-2017-18279

TITLE

plural Snapdragon Product integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014458

DESCRIPTION

Lack of check of buffer length before copying can lead to buffer overflow in camera module in Small Cell SoC, Snapdragon Mobile, Snapdragon Wear in FSM9055, FSM9955, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016. Small Cell SoC , Snapdragon Mobile , Snapdragon Wear Contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. Qualcomm MDM9206 is a central processing unit (CPU) product of Qualcomm (Qualcomm). A security vulnerability exists in several Qualcomm products due to the lack of a check of the buffer length before the copy is made

Trust: 2.07

sources: NVD: CVE-2017-18279 // JVNDB: JVNDB-2017-014458 // BID: 104760 // VULHUB: VHN-109385 // VULMON: CVE-2017-18279

AFFECTED PRODUCTS

vendor:	qualcomm	model:	fsm9955	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 427	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq4019	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 616	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 435	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	fsm9055	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9531	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9980	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 415	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 212	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9880	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 652	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon high med 2016	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9886	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8064	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9558	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 810	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9563	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 800	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	fsm9055	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	fsm9955	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	ipq4019	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	ipq8064	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9640	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8909w	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	pixel xl	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel c	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus player	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	9	Trust: 0.3
vendor:	google	model:	nexus 6p	scope:	-	version:	-	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	6	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5x	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.3

sources: BID: 104760 // JVNDB: JVNDB-2017-014458 // NVD: CVE-2017-18279

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18279
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-18279
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201905-150
value:	HIGH
Trust: 0.6
VULHUB:	VHN-109385
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-18279
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-18279
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-109385
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-18279
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2017-18279
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-109385 // VULMON: CVE-2017-18279 // JVNDB: JVNDB-2017-014458 // CNNVD: CNNVD-201905-150 // NVD: CVE-2017-18279

PROBLEMTYPE DATA

problemtype:

CWE-190

Trust: 1.9

sources: VULHUB: VHN-109385 // JVNDB: JVNDB-2017-014458 // NVD: CVE-2017-18279

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-150

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201905-150

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014458

PATCH

title:	May 2019 Qualcomm Technologies, Inc. Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 0.8
title:	Multiple Qualcomm Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92296	Trust: 0.6
title:	Android Security Bulletins: Android Security Bulletin—July 2018	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=25584b3d319ca9e7cb2fae9ec5dbf5e0	Trust: 0.1
title:	SamsungReleaseNotes	url:	https://github.com/samreleasenotes/SamsungReleaseNotes	Trust: 0.1

sources: VULMON: CVE-2017-18279 // JVNDB: JVNDB-2017-014458 // CNNVD: CNNVD-201905-150

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18279	Trust: 2.9
db:	JVNDB	id:	JVNDB-2017-014458	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-150	Trust: 0.7
db:	BID	id:	104760	Trust: 0.3
db:	VULHUB	id:	VHN-109385	Trust: 0.1
db:	VULMON	id:	CVE-2017-18279	Trust: 0.1

sources: VULHUB: VHN-109385 // VULMON: CVE-2017-18279 // BID: 104760 // JVNDB: JVNDB-2017-014458 // CNNVD: CNNVD-201905-150 // NVD: CVE-2017-18279

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18279	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18279	Trust: 0.8
url:	http://code.google.com/android/	Trust: 0.3
url:	http://www.qualcomm.com/	Trust: 0.3
url:	https://source.android.com/security/bulletin/2018-07-01	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/190.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://source.android.com/security/bulletin/2018-07-01.html	Trust: 0.1
url:	https://github.com/samreleasenotes/samsungreleasenotes	Trust: 0.1

sources: VULHUB: VHN-109385 // VULMON: CVE-2017-18279 // BID: 104760 // JVNDB: JVNDB-2017-014458 // CNNVD: CNNVD-201905-150 // NVD: CVE-2017-18279

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 104760

SOURCES

db:	VULHUB	id:	VHN-109385
db:	VULMON	id:	CVE-2017-18279
db:	BID	id:	104760
db:	JVNDB	id:	JVNDB-2017-014458
db:	CNNVD	id:	CNNVD-201905-150
db:	NVD	id:	CVE-2017-18279

LAST UPDATE DATE

2024-11-23T21:38:37.690000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-109385	date:	2019-05-08T00:00:00
db:	VULMON	id:	CVE-2017-18279	date:	2021-04-16T00:00:00
db:	BID	id:	104760	date:	2018-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-014458	date:	2019-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201905-150	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2017-18279	date:	2024-11-21T03:19:45.350

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-109385	date:	2019-05-06T00:00:00
db:	VULMON	id:	CVE-2017-18279	date:	2019-05-06T00:00:00
db:	BID	id:	104760	date:	2018-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-014458	date:	2019-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201905-150	date:	2019-05-06T00:00:00
db:	NVD	id:	CVE-2017-18279	date:	2019-05-06T23:29:00.783