Sign-up

ID

VAR-201906-0997


CVE

CVE-2018-5883


TITLE

plural Snapdragon Vulnerability related to array index verification in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-015623

DESCRIPTION

Buffer overflow in WLAN driver event handlers due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 636, SD 675, SD 730, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24. plural Snapdragon The product contains a vulnerability related to array index validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and other products are products of Qualcomm. The MDM9206 is a central processing unit (CPU) product. The MDM9607 is a central processing unit (CPU) product. The MDM9640 is a central processing unit (CPU) product. WLAN is one of the wireless LAN components. An input validation error vulnerability exists in WLANs in several Qualcomm products. The vulnerability stems from a network system or product that does not properly validate the input data. An exploit can exploit the vulnerability causing a buffer overflow in the WLAN driver event handler. The following products and versions are affected: Qualcomm MDM9206; MDM9607; MDM9640; MDM9650; MSM8996AU; QCS405; QCS605; SD 636;

Trust: 2.25

sources: NVD: CVE-2018-5883 // JVNDB: JVNDB-2018-015623 // CNVD: CNVD-2019-18602 // VULHUB: VHN-135915

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-18602

AFFECTED PRODUCTS

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 1.4

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 1.4

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 636scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 675scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 730scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:835

Trust: 0.6

vendor:qualcommmodel:qca9379scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:625

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:636

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:820

Trust: 0.6

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:855

Trust: 0.6

vendor:qualcommmodel:sda660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm630scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx20scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-18602 // JVNDB: JVNDB-2018-015623 // NVD: CVE-2018-5883

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5883
value: HIGH

Trust: 1.0

NVD: CVE-2018-5883
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-18602
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201906-617
value: HIGH

Trust: 0.6

VULHUB: VHN-135915
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5883
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-18602
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-135915
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5883
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-18602 // VULHUB: VHN-135915 // JVNDB: JVNDB-2018-015623 // CNNVD: CNNVD-201906-617 // NVD: CVE-2018-5883

PROBLEMTYPE DATA

problemtype:CWE-129

Trust: 1.9

sources: VULHUB: VHN-135915 // JVNDB: JVNDB-2018-015623 // NVD: CVE-2018-5883

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201906-617

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201906-617

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015623

PATCH
title:May 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-security-bulletin
Trust: 0.8
title:Patches for WLAN Input Validation Error Vulnerabilities for Multiple Qualcomm Productsurl:https://www.cnvd.org.cn/patchInfo/show/163913
Trust: 0.6
title:Multiple Qualcomm product WLAN Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93833
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-18602 // 
            
            
            
            JVNDB: JVNDB-2018-015623 // 
            
            
            
            CNNVD: CNNVD-201906-617

EXTERNAL IDS
db:NVDid:CVE-2018-5883
Trust: 3.1
db:JVNDBid:JVNDB-2018-015623
Trust: 0.8
db:CNNVDid:CNNVD-201906-617
Trust: 0.7
db:CNVDid:CNVD-2019-18602
Trust: 0.6
db:VULHUBid:VHN-135915
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-18602 // 
            
            
            
            VULHUB: VHN-135915 // 
            
            
            
            JVNDB: JVNDB-2018-015623 // 
            
            
            
            CNNVD: CNNVD-201906-617 // 
            
            
            
            NVD: CVE-2018-5883

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-5883
Trust: 2.0
url:https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-security-bulletin
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5883
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-18602 // 
            
            
            
            VULHUB: VHN-135915 // 
            
            
            
            JVNDB: JVNDB-2018-015623 // 
            
            
            
            CNNVD: CNNVD-201906-617 // 
            
            
            
            NVD: CVE-2018-5883

SOURCES
db:CNVDid:CNVD-2019-18602
db:VULHUBid:VHN-135915
db:JVNDBid:JVNDB-2018-015623
db:CNNVDid:CNNVD-201906-617
db:NVDid:CVE-2018-5883

LAST UPDATE DATE
2024-11-23T22:30:01.095000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-18602date:2019-06-19T00:00:00
db:VULHUBid:VHN-135915date:2019-06-17T00:00:00
db:JVNDBid:JVNDB-2018-015623date:2019-06-20T00:00:00
db:CNNVDid:CNNVD-201906-617date:2019-06-18T00:00:00
db:NVDid:CVE-2018-5883date:2024-11-21T04:09:38.027

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-18602date:2019-06-19T00:00:00
db:VULHUBid:VHN-135915date:2019-06-14T00:00:00
db:JVNDBid:JVNDB-2018-015623date:2019-06-20T00:00:00
db:CNNVDid:CNNVD-201906-617date:2019-06-14T00:00:00
db:NVDid:CVE-2018-5883date:2019-06-14T17:29:01.127