Sign-up

ID

VAR-201907-0617


CVE

CVE-2019-2299


TITLE

plural Snapdragon Product integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007001

DESCRIPTION

An out-of-bound write can be triggered by a specially-crafted command supplied by a userspace application. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM660, SDX20, SDX24. plural Snapdragon The product contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX24 is a modem. An input validation error vulnerability exists in WLAN in several Qualcomm products. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.71

sources: NVD: CVE-2019-2299 // JVNDB: JVNDB-2019-007001 // VULHUB: VHN-153734

AFFECTED PRODUCTS

vendor:qualcommmodel:qca9379scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9377scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq4019scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8074scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca8081scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8064scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6174ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 600scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq4019scope: - version: -

Trust: 0.8

vendor:qualcommmodel:ipq8064scope: - version: -

Trust: 0.8

vendor:qualcommmodel:ipq8074scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qca6174ascope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007001 // NVD: CVE-2019-2299

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2299
value: HIGH

Trust: 1.0

NVD: CVE-2019-2299
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-1327
value: HIGH

Trust: 0.6

VULHUB: VHN-153734
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-2299
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-153734
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-2299
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-153734 // JVNDB: JVNDB-2019-007001 // CNNVD: CNNVD-201907-1327 // NVD: CVE-2019-2299

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-190

Trust: 0.9

sources: VULHUB: VHN-153734 // JVNDB: JVNDB-2019-007001 // NVD: CVE-2019-2299

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-1327

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-1327

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007001

PATCH
title:July 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin
Trust: 0.8
title:Multiple Qualcomm product WLAN Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95474
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-007001 // 
            
            
            
            CNNVD: CNNVD-201907-1327

EXTERNAL IDS
db:NVDid:CVE-2019-2299
Trust: 2.5
db:JVNDBid:JVNDB-2019-007001
Trust: 0.8
db:CNNVDid:CNNVD-201907-1327
Trust: 0.7
db:VULHUBid:VHN-153734
Trust: 0.1
sources:
            
            
            VULHUB: VHN-153734 // 
            
            
            
            JVNDB: JVNDB-2019-007001 // 
            
            
            
            CNNVD: CNNVD-201907-1327 // 
            
            
            
            NVD: CVE-2019-2299

REFERENCES
url:https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-2299
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2299
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243
Trust: 0.6
sources:
            
            
            VULHUB: VHN-153734 // 
            
            
            
            JVNDB: JVNDB-2019-007001 // 
            
            
            
            CNNVD: CNNVD-201907-1327 // 
            
            
            
            NVD: CVE-2019-2299

SOURCES
db:VULHUBid:VHN-153734
db:JVNDBid:JVNDB-2019-007001
db:CNNVDid:CNNVD-201907-1327
db:NVDid:CVE-2019-2299

LAST UPDATE DATE
2024-11-23T21:59:50.090000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-153734date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-007001date:2019-07-31T00:00:00
db:CNNVDid:CNNVD-201907-1327date:2020-10-28T00:00:00
db:NVDid:CVE-2019-2299date:2024-11-21T04:40:38.980

SOURCES RELEASE DATE
db:VULHUBid:VHN-153734date:2019-07-25T00:00:00
db:JVNDBid:JVNDB-2019-007001date:2019-07-31T00:00:00
db:CNNVDid:CNNVD-201907-1327date:2019-07-25T00:00:00
db:NVDid:CVE-2019-2299date:2019-07-25T17:15:13.113