ID
VAR-201907-0883
CVE
CVE-2019-2253
TITLE
plural Snapdragon Vulnerability related to input validation in products
Trust: 0.8
DESCRIPTION
Buffer over-read can occur while parsing an ogg file with a corrupted comment block. in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20. plural Snapdragon The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206, etc. are all products of Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX20 is a modem. Input validation error vulnerabilities exist in many Qualcomm products. The vulnerability stems from the fact that the network system or product did not correctly verify the input data. There is currently no detailed vulnerability details provided. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-129766496, A-129766125, A-122473271, A-122474808, A-122472479, A-122473168, A-122473304, A-122473496, A-122473989, A-129766432, A-129766099 and A-129766299
Trust: 2.61
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | qcs405 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 427 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sda660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 710 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 675 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 429 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | 215 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 820a | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 730 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 615 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 616 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9150 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 439 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 435 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 665 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 712 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 632 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8996au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 415 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcs605 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 205 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 212 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 835 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 850 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm630 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 845 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 820 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm439 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 600 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8909w | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 670 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdx20 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 855 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 430 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 210 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 636 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9150 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9206 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8909w | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8996au | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qcs405 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qcs605 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | 215 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 210 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qcs605 no | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sd no | scope: | eq | version: | 425 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd no | scope: | eq | version: | 427 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd no | scope: | eq | version: | 430 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd no | scope: | eq | version: | 435 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd no | scope: | eq | version: | 450 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd no | scope: | eq | version: | 625 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 636 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd no | scope: | eq | version: | 712 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd no | scope: | eq | version: | 710 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd no | scope: | eq | version: | 670 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd no | scope: | eq | version: | 845 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd no | scope: | eq | version: | 850 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd no | scope: | eq | version: | 855 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm630 no | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm660 no | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | msm8909w no | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | qcs405 no | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sd no | scope: | eq | version: | 675 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd no | scope: | eq | version: | 730 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdx24 no | scope: | - | version: | - | Trust: 0.6 |
| vendor: | model: | pixel xl | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel c | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus player | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 9 | Trust: 0.3 | |
| vendor: | model: | nexus 6p | scope: | - | version: | - | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 6 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 5x | Trust: 0.3 | |
| vendor: | model: | android | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-125 | Trust: 1.1 |
| problemtype: | CWE-20 | Trust: 0.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
buffer error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | July 2019 Qualcomm Technologies, Inc. Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 0.8 |
| title: | Patch for Multiple Qualcomm product input verification error vulnerabilities (CNVD-2020-20158) | url: | https://www.cnvd.org.cn/patchInfo/show/211555 | Trust: 0.6 |
| title: | Multiple Qualcomm Product input verification error vulnerability fixes | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94313 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-2253 | Trust: 3.5 |
| db: | BID | id: | 108986 | Trust: 1.6 |
| db: | JVNDB | id: | JVNDB-2019-006965 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2020-20158 | Trust: 0.7 |
| db: | CNNVD | id: | CNNVD-201907-079 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-153688 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2019-2253 | Trust: 0.1 |
REFERENCES
| url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-2253 | Trust: 1.4 |
| url: | http://www.securityfocus.com/bid/108986 | Trust: 1.3 |
| url: | http://code.google.com/android/ | Trust: 0.9 |
| url: | http://www.qualcomm.com/ | Trust: 0.9 |
| url: | https://source.android.com/security/bulletin/2019-07-01.html | Trust: 0.9 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2253 | Trust: 0.8 |
| url: | https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-july-2019-29673 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/125.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
The vendor reported these issues.
Trust: 0.9
SOURCES
| db: | CNVD | id: | CNVD-2020-20158 |
| db: | VULHUB | id: | VHN-153688 |
| db: | VULMON | id: | CVE-2019-2253 |
| db: | BID | id: | 108986 |
| db: | JVNDB | id: | JVNDB-2019-006965 |
| db: | CNNVD | id: | CNNVD-201907-079 |
| db: | NVD | id: | CVE-2019-2253 |
LAST UPDATE DATE
2024-11-23T21:37:05.814000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2020-20158 | date: | 2020-03-30T00:00:00 |
| db: | VULHUB | id: | VHN-153688 | date: | 2020-08-24T00:00:00 |
| db: | VULMON | id: | CVE-2019-2253 | date: | 2020-08-24T00:00:00 |
| db: | BID | id: | 108986 | date: | 2019-07-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-006965 | date: | 2019-07-30T00:00:00 |
| db: | CNNVD | id: | CNNVD-201907-079 | date: | 2020-10-28T00:00:00 |
| db: | NVD | id: | CVE-2019-2253 | date: | 2024-11-21T04:40:32.740 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2020-20158 | date: | 2020-03-30T00:00:00 |
| db: | VULHUB | id: | VHN-153688 | date: | 2019-07-25T00:00:00 |
| db: | VULMON | id: | CVE-2019-2253 | date: | 2019-07-25T00:00:00 |
| db: | BID | id: | 108986 | date: | 2019-07-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-006965 | date: | 2019-07-30T00:00:00 |
| db: | CNNVD | id: | CNNVD-201907-079 | date: | 2019-07-02T00:00:00 |
| db: | NVD | id: | CVE-2019-2253 | date: | 2019-07-25T17:15:12.410 |