Sign-up

ID

VAR-201909-0986


CVE

CVE-2019-2333


TITLE

plural Snapdragon Classic buffer overflow vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-010096

DESCRIPTION

Buffer overflow due to improper validation of buffer size while IPA driver processing to perform read operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. plural Snapdragon The product contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 and others are products of Qualcomm (Qualcomm). MDM9607 is a central processing unit (CPU) product. MDM9650 is a central processing unit (CPU) product. SDX24 is a modem. A buffer error vulnerability exists in the IPA driver in several Qualcomm products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.71

sources: NVD: CVE-2019-2333 // JVNDB: JVNDB-2019-010096 // VULHUB: VHN-153768

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 665scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:215scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010096 // NVD: CVE-2019-2333

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2333
value: HIGH

Trust: 1.0

NVD: CVE-2019-2333
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-121
value: MEDIUM

Trust: 0.6

VULHUB: VHN-153768
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-2333
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-153768
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-2333
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-2333
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-153768 // JVNDB: JVNDB-2019-010096 // CNNVD: CNNVD-201909-121 // NVD: CVE-2019-2333

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.9

sources: VULHUB: VHN-153768 // JVNDB: JVNDB-2019-010096 // NVD: CVE-2019-2333

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201909-121

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010096

PATCH
title:August 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin
Trust: 0.8
title:Multiple Qualcomm product IPA Driver Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97883
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-010096 // 
            
            
            
            CNNVD: CNNVD-201909-121

EXTERNAL IDS
db:NVDid:CVE-2019-2333
Trust: 2.5
db:JVNDBid:JVNDB-2019-010096
Trust: 0.8
db:CNNVDid:CNNVD-201909-121
Trust: 0.7
db:VULHUBid:VHN-153768
Trust: 0.1
sources:
            
            
            VULHUB: VHN-153768 // 
            
            
            
            JVNDB: JVNDB-2019-010096 // 
            
            
            
            CNNVD: CNNVD-201909-121 // 
            
            
            
            NVD: CVE-2019-2333

REFERENCES
url:https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-2333
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2333
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243
Trust: 0.6
sources:
            
            
            VULHUB: VHN-153768 // 
            
            
            
            JVNDB: JVNDB-2019-010096 // 
            
            
            
            CNNVD: CNNVD-201909-121 // 
            
            
            
            NVD: CVE-2019-2333

SOURCES
db:VULHUBid:VHN-153768
db:JVNDBid:JVNDB-2019-010096
db:CNNVDid:CNNVD-201909-121
db:NVDid:CVE-2019-2333

LAST UPDATE DATE
2024-08-14T14:32:32.938000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-153768date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2019-010096date:2019-10-04T00:00:00
db:CNNVDid:CNNVD-201909-121date:2019-10-14T00:00:00
db:NVDid:CVE-2019-2333date:2019-10-03T14:27:44.327

SOURCES RELEASE DATE
db:VULHUBid:VHN-153768date:2019-09-30T00:00:00
db:JVNDBid:JVNDB-2019-010096date:2019-10-04T00:00:00
db:CNNVDid:CNNVD-201909-121date:2019-09-04T00:00:00
db:NVDid:CVE-2019-2333date:2019-09-30T16:15:11.510