Sign-up

ID

VAR-201909-1426


CVE

CVE-2019-10489


TITLE

plural Snapdragon In product NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010027

DESCRIPTION

Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20. plural Snapdragon The product includes NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MSM8996AU is a central processing unit (CPU) product. A code issue vulnerability exists in several Qualcomm products. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products

Trust: 1.71

sources: NVD: CVE-2019-10489 // JVNDB: JVNDB-2019-010027 // VULHUB: VHN-142040

AFFECTED PRODUCTS

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 665scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 600scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qca6574auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs405scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:215scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010027 // NVD: CVE-2019-10489

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10489
value: HIGH

Trust: 1.0

NVD: CVE-2019-10489
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-449
value: HIGH

Trust: 0.6

VULHUB: VHN-142040
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-10489
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-142040
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10489
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-10489
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-142040 // JVNDB: JVNDB-2019-010027 // CNNVD: CNNVD-201908-449 // NVD: CVE-2019-10489

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.9

sources: VULHUB: VHN-142040 // JVNDB: JVNDB-2019-010027 // NVD: CVE-2019-10489

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201908-449

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010027

PATCH
title:August 2019 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/august-2019-bulletin
Trust: 0.8
title:Multiple Qualcomm Product code issue vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96186
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-010027 // 
            
            
            
            CNNVD: CNNVD-201908-449

EXTERNAL IDS
db:NVDid:CVE-2019-10489
Trust: 2.5
db:JVNDBid:JVNDB-2019-010027
Trust: 0.8
db:CNNVDid:CNNVD-201908-449
Trust: 0.7
db:VULHUBid:VHN-142040
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142040 // 
            
            
            
            JVNDB: JVNDB-2019-010027 // 
            
            
            
            CNNVD: CNNVD-201908-449 // 
            
            
            
            NVD: CVE-2019-10489

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-10489
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10489
Trust: 0.8
url:https://source.android.com/security/bulletin/2019-08-01.html
Trust: 0.6
url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-august-2019-29951
Trust: 0.6
sources:
            
            
            VULHUB: VHN-142040 // 
            
            
            
            JVNDB: JVNDB-2019-010027 // 
            
            
            
            CNNVD: CNNVD-201908-449 // 
            
            
            
            NVD: CVE-2019-10489

SOURCES
db:VULHUBid:VHN-142040
db:JVNDBid:JVNDB-2019-010027
db:CNNVDid:CNNVD-201908-449
db:NVDid:CVE-2019-10489

LAST UPDATE DATE
2024-11-23T22:11:49.501000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-142040date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010027date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201908-449date:2019-10-14T00:00:00
db:NVDid:CVE-2019-10489date:2024-11-21T04:19:15.737

SOURCES RELEASE DATE
db:VULHUBid:VHN-142040date:2019-09-30T00:00:00
db:JVNDBid:JVNDB-2019-010027date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201908-449date:2019-08-06T00:00:00
db:NVDid:CVE-2019-10489date:2019-09-30T16:15:10.323