Details of VAR-201907-0877

ID

VAR-201907-0877

CVE

CVE-2019-2276

TITLE

plural Snapdragon Product out-of-bounds vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006960

DESCRIPTION

Possible out of bound read occurs while processing beaconing request due to lack of check on action frames received from user controlled space in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24. plural Snapdragon The product contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 and others are products of Qualcomm (Qualcomm). MDM9607 is a central processing unit (CPU) product. MSM8996AU is a central processing unit (CPU) product. SDX24 is a modem. A buffer error vulnerability exists in WLAN in several Qualcomm products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Qualcomm MDM9607; MSM8996AU; QCA6174A; QCA6574AU; QCA9377; QCA9379; ; SD 850; SD 855; SDM630; SDM660; SDX24

Trust: 1.8

sources: NVD: CVE-2019-2276 // JVNDB: JVNDB-2019-006960 // VULHUB: VHN-153711 // VULMON: CVE-2019-2276

AFFECTED PRODUCTS

vendor:	qualcomm	model:	qca9379	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9377	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6174a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 665	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 712	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca6174a	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca6574au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca9377	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca9379	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs405	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs605	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 636	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 665	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-006960 // NVD: CVE-2019-2276

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-2276
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-2276
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201907-077
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-153711
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-2276
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-2276
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-153711
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-2276
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-153711 // VULMON: CVE-2019-2276 // JVNDB: JVNDB-2019-006960 // CNNVD: CNNVD-201907-077 // NVD: CVE-2019-2276

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.9

sources: VULHUB: VHN-153711 // JVNDB: JVNDB-2019-006960 // NVD: CVE-2019-2276

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-077

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-077

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006960

PATCH

title:	July 2019 Code Aurora Security Bulletin	url:	https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin	Trust: 0.8
title:	Android Qualcomm WLAN HOST Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94311	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2019/07/01/july_android_fixes/	Trust: 0.1

sources: VULMON: CVE-2019-2276 // JVNDB: JVNDB-2019-006960 // CNNVD: CNNVD-201907-077

EXTERNAL IDS

db:	NVD	id:	CVE-2019-2276	Trust: 2.6
db:	JVNDB	id:	JVNDB-2019-006960	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-077	Trust: 0.7
db:	VULHUB	id:	VHN-153711	Trust: 0.1
db:	VULMON	id:	CVE-2019-2276	Trust: 0.1

sources: VULHUB: VHN-153711 // VULMON: CVE-2019-2276 // JVNDB: JVNDB-2019-006960 // CNNVD: CNNVD-201907-077 // NVD: CVE-2019-2276

REFERENCES

url:	https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2276	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2276	Trust: 0.8
url:	https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-july-2019-29673	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.theregister.co.uk/2019/07/01/july_android_fixes/	Trust: 0.1

sources: VULHUB: VHN-153711 // VULMON: CVE-2019-2276 // JVNDB: JVNDB-2019-006960 // CNNVD: CNNVD-201907-077 // NVD: CVE-2019-2276

SOURCES

db:	VULHUB	id:	VHN-153711
db:	VULMON	id:	CVE-2019-2276
db:	JVNDB	id:	JVNDB-2019-006960
db:	CNNVD	id:	CNNVD-201907-077
db:	NVD	id:	CVE-2019-2276

LAST UPDATE DATE

2024-11-23T22:16:57.255000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-153711	date:	2019-07-29T00:00:00
db:	VULMON	id:	CVE-2019-2276	date:	2019-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2019-006960	date:	2019-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201907-077	date:	2019-07-30T00:00:00
db:	NVD	id:	CVE-2019-2276	date:	2024-11-21T04:40:36.043

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-153711	date:	2019-07-25T00:00:00
db:	VULMON	id:	CVE-2019-2276	date:	2019-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2019-006960	date:	2019-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201907-077	date:	2019-07-02T00:00:00
db:	NVD	id:	CVE-2019-2276	date:	2019-07-25T17:15:12.753