Sign-up

ID

VAR-201905-0750


CVE

CVE-2018-11923


TITLE

plural Snapdragon Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015510

DESCRIPTION

Improper buffer length check before copying can lead to integer overflow and then a buffer overflow in WMA event handler in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24. plural Snapdragon The product contains a buffer error vulnerability and an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to the following security vulnerabilities: 1. Multiple buffer-overflow vulnerabilities 2. Multiple information-disclosure vulnerabilities 3. Multiple security-bypass vulnerabilities 4. Multiple security vulnerabilities 5. Multiple integer overflow vulnerabilities An attacker can exploit these issues to bypass certain security restrictions and to perform unauthorized actions, gain elevated privileges, obtain sensitive information or execute arbitrary code. Failed exploits may result in a denial-of-service condition. These issues are being tracked by Android Bug IDs A-79377832, A-72957385, A-109741680, A-77527719, A-109741946, A-111127853, A-111128575, A-111126050, A-111125792, A-111128301, A-111128420, A-111128838, A-111128797, A-111128421, A-111128578, A-111127989, A-111128877, A-111128841, A-111126532, A-112277221, A-112276863, A-112278150, A-112277910, A-112277186, A-112278861, A-112277891, A-112278405, A-112277852, A-120487136*. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product. A buffer error vulnerability exists in several Qualcomm products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 2.07

sources: NVD: CVE-2018-11923 // JVNDB: JVNDB-2018-015510 // BID: 107770 // VULHUB: VHN-121831 // VULMON: CVE-2018-11923

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qca6574auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 427scope: - version: -

Trust: 0.8

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 107770 // JVNDB: JVNDB-2018-015510 // NVD: CVE-2018-11923

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11923
value: HIGH

Trust: 1.0

NVD: CVE-2018-11923
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-112
value: HIGH

Trust: 0.6

VULHUB: VHN-121831
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-11923
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-11923
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-121831
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11923
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-121831 // VULMON: CVE-2018-11923 // JVNDB: JVNDB-2018-015510 // CNNVD: CNNVD-201904-112 // NVD: CVE-2018-11923

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

problemtype:CWE-190

Trust: 1.9

sources: VULHUB: VHN-121831 // JVNDB: JVNDB-2018-015510 // NVD: CVE-2018-11923

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201904-112

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201904-112

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015510

PATCH
title:April 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/04/01/april-2019-code-aurora-security-bulletin
Trust: 0.8
title:Android Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91031
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—April 2019url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=cd95df8ce79ebdc8577685322caeeedf
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-11923 // 
            
            
            
            JVNDB: JVNDB-2018-015510 // 
            
            
            
            CNNVD: CNNVD-201904-112

EXTERNAL IDS
db:NVDid:CVE-2018-11923
Trust: 2.9
db:BIDid:107770
Trust: 1.0
db:JVNDBid:JVNDB-2018-015510
Trust: 0.8
db:CNNVDid:CNNVD-201904-112
Trust: 0.7
db:VULHUBid:VHN-121831
Trust: 0.1
db:VULMONid:CVE-2018-11923
Trust: 0.1
sources:
            
            
            VULHUB: VHN-121831 // 
            
            
            
            VULMON: CVE-2018-11923 // 
            
            
            
            BID: 107770 // 
            
            
            
            JVNDB: JVNDB-2018-015510 // 
            
            
            
            CNNVD: CNNVD-201904-112 // 
            
            
            
            NVD: CVE-2018-11923

REFERENCES
url:https://www.codeaurora.org/security-bulletin/2019/04/01/april-2019-code-aurora-security-bulletin
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-11923
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11923
Trust: 0.8
url:http://www.securityfocus.com/bid/107770
Trust: 0.7
url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-april-2019-28925
Trust: 0.6
url:https://source.android.com/security/bulletin/2019-04-01.html
Trust: 0.4
url:http://code.google.com/android/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/190.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-121831 // 
            
            
            
            VULMON: CVE-2018-11923 // 
            
            
            
            BID: 107770 // 
            
            
            
            JVNDB: JVNDB-2018-015510 // 
            
            
            
            CNNVD: CNNVD-201904-112 // 
            
            
            
            NVD: CVE-2018-11923

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 107770

SOURCES
db:VULHUBid:VHN-121831
db:VULMONid:CVE-2018-11923
db:BIDid:107770
db:JVNDBid:JVNDB-2018-015510
db:CNNVDid:CNNVD-201904-112
db:NVDid:CVE-2018-11923

LAST UPDATE DATE
2024-08-14T13:26:26.216000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-121831date:2019-05-28T00:00:00
db:VULMONid:CVE-2018-11923date:2019-05-28T00:00:00
db:BIDid:107770date:2019-04-01T00:00:00
db:JVNDBid:JVNDB-2018-015510date:2019-06-10T00:00:00
db:CNNVDid:CNNVD-201904-112date:2019-05-29T00:00:00
db:NVDid:CVE-2018-11923date:2019-05-28T13:34:44.127

SOURCES RELEASE DATE
db:VULHUBid:VHN-121831date:2019-05-24T00:00:00
db:VULMONid:CVE-2018-11923date:2019-05-24T00:00:00
db:BIDid:107770date:2019-04-01T00:00:00
db:JVNDBid:JVNDB-2018-015510date:2019-06-10T00:00:00
db:CNNVDid:CNNVD-201904-112date:2019-04-02T00:00:00
db:NVDid:CVE-2018-11923date:2019-05-24T17:29:01.163