ID

VAR-201906-0814


CVE

CVE-2018-11929


TITLE

plural Snapdragon Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015634

DESCRIPTION

Lack of input validation in WLAN function can lead to potential heap overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24. plural Snapdragon The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and other products are products of Qualcomm. The MDM9206 is a central processing unit (CPU) product. The MDM9607 is a central processing unit (CPU) product. The SDX20 is a modem. A buffer overflow vulnerability exists in the WLAN feature in several Qualcomm products. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow

Trust: 2.25

sources: NVD: CVE-2018-11929 // JVNDB: JVNDB-2018-015634 // CNVD: CNVD-2019-18596 // VULHUB: VHN-121837

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-18596

AFFECTED PRODUCTS

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 1.4

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 1.4

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 1.4

vendor:qualcommmodel:qcs405scope: - version: -

Trust: 1.4

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 427scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdscope:eqversion:425

Trust: 0.6

sources: CNVD: CNVD-2019-18596 // JVNDB: JVNDB-2018-015634 // NVD: CVE-2018-11929

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11929
value: HIGH

Trust: 1.0

NVD: CVE-2018-11929
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-18596
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-606
value: HIGH

Trust: 0.6

VULHUB: VHN-121837
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-11929
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-18596
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-121837
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11929
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-18596 // VULHUB: VHN-121837 // JVNDB: JVNDB-2018-015634 // CNNVD: CNNVD-201906-606 // NVD: CVE-2018-11929

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-121837 // JVNDB: JVNDB-2018-015634 // NVD: CVE-2018-11929

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201906-606

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201906-606

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015634

PATCH

title:May 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-security-bulletin

Trust: 0.8

title:Patches for multiple Qualcomm Product Buffer Overflow Vulnerabilities (CNVD-2019-18596)url:https://www.cnvd.org.cn/patchInfo/show/163923

Trust: 0.6

title:Multiple Qualcomm Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93823

Trust: 0.6

sources: CNVD: CNVD-2019-18596 // JVNDB: JVNDB-2018-015634 // CNNVD: CNNVD-201906-606

EXTERNAL IDS

db:NVDid:CVE-2018-11929

Trust: 3.1

db:JVNDBid:JVNDB-2018-015634

Trust: 0.8

db:CNNVDid:CNNVD-201906-606

Trust: 0.7

db:CNVDid:CNVD-2019-18596

Trust: 0.6

db:VULHUBid:VHN-121837

Trust: 0.1

sources: CNVD: CNVD-2019-18596 // VULHUB: VHN-121837 // JVNDB: JVNDB-2018-015634 // CNNVD: CNNVD-201906-606 // NVD: CVE-2018-11929

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2018-11929

Trust: 2.0

url:https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-security-bulletin

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11929

Trust: 0.8

url:https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243

Trust: 0.6

sources: CNVD: CNVD-2019-18596 // VULHUB: VHN-121837 // JVNDB: JVNDB-2018-015634 // CNNVD: CNNVD-201906-606 // NVD: CVE-2018-11929

SOURCES

db:CNVDid:CNVD-2019-18596
db:VULHUBid:VHN-121837
db:JVNDBid:JVNDB-2018-015634
db:CNNVDid:CNNVD-201906-606
db:NVDid:CVE-2018-11929

LAST UPDATE DATE

2024-11-23T22:25:54.926000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-18596date:2019-06-19T00:00:00
db:VULHUBid:VHN-121837date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-015634date:2019-06-21T00:00:00
db:CNNVDid:CNNVD-201906-606date:2020-08-25T00:00:00
db:NVDid:CVE-2018-11929date:2024-11-21T03:44:16.250

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-18596date:2019-06-19T00:00:00
db:VULHUBid:VHN-121837date:2019-06-14T00:00:00
db:JVNDBid:JVNDB-2018-015634date:2019-06-21T00:00:00
db:CNNVDid:CNNVD-201906-606date:2019-06-14T00:00:00
db:NVDid:CVE-2018-11929date:2019-06-14T17:29:00.317