Sign-up

ID

VAR-201907-0880


CVE

CVE-2019-2279


TITLE

plural Snapdragon Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006653

DESCRIPTION

Shared memory gets updated with invalid data and may lead to access beyond the allocated memory. in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, Snapdragon_High_Med_2016. plural Snapdragon The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 and other products are products of Qualcomm. The MDM9607 is a central processing unit (CPU) product. The MDM9650 is a central processing unit (CPU) product. The SDX20 is a modem. An attacker could exploit this vulnerability to cause memory out of bounds access

Trust: 2.25

sources: NVD: CVE-2019-2279 // JVNDB: JVNDB-2019-006653 // CNVD: CNVD-2019-27321 // VULHUB: VHN-153714

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-27321

AFFECTED PRODUCTS

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 1.4

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 1.4

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 1.4

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 1.4

vendor:qualcommmodel:qca6574auscope: - version: -

Trust: 1.4

vendor:qualcommmodel:qcs405scope: - version: -

Trust: 1.4

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 665scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon high med 2016scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:215scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdscope:eqversion:210

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:212

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:205

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:845

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:850

Trust: 0.6

vendor:qualcommmodel:sdx20scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:425

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:450

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:820

Trust: 0.6

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:835

Trust: 0.6

vendor:qualcommmodel:sdm439scope: - version: -

Trust: 0.6

vendor:qualcommmodel:snapdragon high med 2016scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sda660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx24scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:632

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:439

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:429

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:636

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:712

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:710

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:670

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:855

Trust: 0.6

vendor:qualcommmodel:qualcommscope:eqversion:215

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:625

Trust: 0.6

vendor:qualcommmodel:sdm630scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:675

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:730

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:665

Trust: 0.6

sources: CNVD: CNVD-2019-27321 // JVNDB: JVNDB-2019-006653 // NVD: CVE-2019-2279

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2279
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-2279
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-27321
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-1166
value: CRITICAL

Trust: 0.6

VULHUB: VHN-153714
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-2279
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-27321
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-153714
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-2279
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-27321 // VULHUB: VHN-153714 // JVNDB: JVNDB-2019-006653 // CNNVD: CNNVD-201907-1166 // NVD: CVE-2019-2279

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-153714 // JVNDB: JVNDB-2019-006653 // NVD: CVE-2019-2279

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1166

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-1166

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006653

PATCH
title:June 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/06/03/june-2019-code-aurora-security-bulletin
Trust: 0.8
title:Patches for multiple Qualcomm Product Buffer Overflow Vulnerabilities (CNVD-2019-27321)url:https://www.cnvd.org.cn/patchInfo/show/175013
Trust: 0.6
title:Multiple Qualcomm Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95352
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-27321 // 
            
            
            
            JVNDB: JVNDB-2019-006653 // 
            
            
            
            CNNVD: CNNVD-201907-1166

EXTERNAL IDS
db:NVDid:CVE-2019-2279
Trust: 3.1
db:JVNDBid:JVNDB-2019-006653
Trust: 0.8
db:CNNVDid:CNNVD-201907-1166
Trust: 0.7
db:CNVDid:CNVD-2019-27321
Trust: 0.6
db:VULHUBid:VHN-153714
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-27321 // 
            
            
            
            VULHUB: VHN-153714 // 
            
            
            
            JVNDB: JVNDB-2019-006653 // 
            
            
            
            CNNVD: CNNVD-201907-1166 // 
            
            
            
            NVD: CVE-2019-2279

REFERENCES
url:https://www.codeaurora.org/security-bulletin/2019/06/03/june-2019-code-aurora-security-bulletin
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-2279
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2279
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-27321 // 
            
            
            
            VULHUB: VHN-153714 // 
            
            
            
            JVNDB: JVNDB-2019-006653 // 
            
            
            
            CNNVD: CNNVD-201907-1166 // 
            
            
            
            NVD: CVE-2019-2279

SOURCES
db:CNVDid:CNVD-2019-27321
db:VULHUBid:VHN-153714
db:JVNDBid:JVNDB-2019-006653
db:CNNVDid:CNNVD-201907-1166
db:NVDid:CVE-2019-2279

LAST UPDATE DATE
2024-11-23T23:04:44.854000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-27321date:2019-08-14T00:00:00
db:VULHUBid:VHN-153714date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-006653date:2019-07-24T00:00:00
db:CNNVDid:CNNVD-201907-1166date:2020-08-25T00:00:00
db:NVDid:CVE-2019-2279date:2024-11-21T04:40:36.487

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-27321date:2019-08-14T00:00:00
db:VULHUBid:VHN-153714date:2019-07-22T00:00:00
db:JVNDBid:JVNDB-2019-006653date:2019-07-24T00:00:00
db:CNNVDid:CNNVD-201907-1166date:2019-07-22T00:00:00
db:NVDid:CVE-2019-2279date:2019-07-22T14:15:12.207