ID

VAR-201907-0878


CVE

CVE-2019-2277


TITLE

Out-of-bounds vulnerability in multiple Snapdragon products

Trust: 0.8

sources: JVNDB: JVNDB-2019-006572

DESCRIPTION

An out-of-bounds read can happen due to lack of NULL termination on user-controlled data in WLAN in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX24. Multiple Snapdragon products contain an out-of-bounds vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MSM8996AU and other products are all products of Qualcomm. The MSM8996AU is a central processing unit (CPU) product. The SD210 is a central processing unit (CPU) product. The SDX24 is a modem. A buffer overflow vulnerability exists in several Qualcomm products that could allow an attacker to cause a buffer overflow or heap overflow.

Trust: 2.34

sources: NVD: CVE-2019-2277 // JVNDB: JVNDB-2019-006572 // CNVD: CNVD-2019-24404 // VULHUB: VHN-153712 // VULMON: CVE-2019-2277

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-24404

AFFECTED PRODUCTS

vendor: qualcomm, model: msm8996au, scope: -, version: -

Trust: 1.4

vendor: qualcomm, model: qcs405, scope: -, version: -

Trust: 1.4

vendor: qualcomm, model: qcs605, scope: -, version: -

Trust: 1.4

vendor: qualcomm, model: msm8996au, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdx24, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qcs405, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 427, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 205, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 212, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qcs605, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sda660, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 835, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 710, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 425, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 675, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 820a, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 730, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 850, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm630, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm660, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 845, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 450, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 670, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 435, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 855, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 430, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 210, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 665, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 712, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 636, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 625, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 205, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 210, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 212, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 425, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 427, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 430, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 435, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd, scope: eq, version: 210

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 212

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 205

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 425

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 450

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 625

Trust: 0.6

vendor: qualcomm, model: sd 820a, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 430

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 427

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 435

Trust: 0.6

vendor: qualcomm, model: sdm660, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 845

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 835

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 850

Trust: 0.6

vendor: qualcomm, model: sda660, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sdx24, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 636

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 710

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 670

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 855

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 675

Trust: 0.6

vendor: qualcomm, model: sdm630, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 712

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 730

Trust: 0.6

vendor: qualcomm, model: sd, scope: eq, version: 665

Trust: 0.6

sources: CNVD: CNVD-2019-24404 // JVNDB: JVNDB-2019-006572 // NVD: CVE-2019-2277

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2277
value: HIGH

Trust: 1.0

NVD: CVE-2019-2277
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-24404
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-1164
value: HIGH

Trust: 0.6

VULHUB: VHN-153712
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-2277
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-2277
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-24404
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-153712
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-2277
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-24404 // VULHUB: VHN-153712 // VULMON: CVE-2019-2277 // JVNDB: JVNDB-2019-006572 // CNNVD: CNNVD-201907-1164 // NVD: CVE-2019-2277

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-153712 // JVNDB: JVNDB-2019-006572 // NVD: CVE-2019-2277

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-1164

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-1164

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006572

PATCH

title: June 2019 Code Aurora Security Bulletin
url: https://www.codeaurora.org/security-bulletin/2019/06/03/june-2019-code-aurora-security-bulletin

Trust: 0.8

title: Patches for multiple Qualcomm Product Buffer Overflow Vulnerabilities (CNVD-2019-24404)
url: https://www.cnvd.org.cn/patchInfo/show/171797

Trust: 0.6

title: Multiple Qualcomm Product Buffer Error Vulnerability Fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95350

Trust: 0.6

sources: CNVD: CNVD-2019-24404 // JVNDB: JVNDB-2019-006572 // CNNVD: CNNVD-201907-1164

EXTERNAL IDS

db: NVD, id: CVE-2019-2277

Trust: 3.2

db: JVNDB, id: JVNDB-2019-006572

Trust: 0.8

db: CNVD, id: CNVD-2019-24404

Trust: 0.6

db: CNNVD, id: CNNVD-201907-1164

Trust: 0.6

db: VULHUB, id: VHN-153712

Trust: 0.1

db: VULMON, id: CVE-2019-2277

Trust: 0.1

sources: CNVD: CNVD-2019-24404 // VULHUB: VHN-153712 // VULMON: CVE-2019-2277 // JVNDB: JVNDB-2019-006572 // CNNVD: CNNVD-201907-1164 // NVD: CVE-2019-2277

REFERENCES

url:https://www.codeaurora.org/security-bulletin/2019/06/03/june-2019-code-aurora-security-bulletin

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-2277

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2277

Trust: 0.8

url:https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2019-24404 // VULHUB: VHN-153712 // VULMON: CVE-2019-2277 // JVNDB: JVNDB-2019-006572 // CNNVD: CNNVD-201907-1164 // NVD: CVE-2019-2277

SOURCES

db: CNVD, id: CNVD-2019-24404
db: VULHUB, id: VHN-153712
db: VULMON, id: CVE-2019-2277
db: JVNDB, id: JVNDB-2019-006572
db: CNNVD, id: CNNVD-201907-1164
db: NVD, id: CVE-2019-2277

LAST UPDATE DATE

2024-11-23T22:41:27.397000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-24404, date: 2019-07-26T00:00:00
db: VULHUB, id: VHN-153712, date: 2019-07-22T00:00:00
db: VULMON, id: CVE-2019-2277, date: 2019-07-22T00:00:00
db: JVNDB, id: JVNDB-2019-006572, date: 2019-07-23T00:00:00
db: CNNVD, id: CNNVD-201907-1164, date: 2019-09-05T00:00:00
db: NVD, id: CVE-2019-2277, date: 2024-11-21T04:40:36.193

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-24404, date: 2019-07-26T00:00:00
db: VULHUB, id: VHN-153712, date: 2019-07-22T00:00:00
db: VULMON, id: CVE-2019-2277, date: 2019-07-22T00:00:00
db: JVNDB, id: JVNDB-2019-006572, date: 2019-07-23T00:00:00
db: CNNVD, id: CNNVD-201907-1164, date: 2019-07-22T00:00:00
db: NVD, id: CVE-2019-2277, date: 2019-07-22T14:15:11.847