Sign-up

ID

VAR-201909-1430


CVE

CVE-2019-10499


TITLE

plural Snapdragon Vulnerability related to array index verification in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-010010

DESCRIPTION

Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, QCS405, SD 665, SD 675, SD 730, SD 855. plural Snapdragon The product contains a vulnerability related to array index validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm IPQ8074 is a central processing unit (CPU) product of Qualcomm (Qualcomm). An input validation error vulnerability exists in several Qualcomm products. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Qualcomm IPQ4019; IPQ8064; IPQ8074; QCS405; SD 665; SD 675; SD 730; SD 855

Trust: 1.71

sources: NVD: CVE-2019-10499 // JVNDB: JVNDB-2019-010010 // VULHUB: VHN-142051

AFFECTED PRODUCTS

vendor:qualcommmodel:ipq4019scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8074scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 665scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8064scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq4019scope: - version: -

Trust: 0.8

vendor:qualcommmodel:ipq8064scope: - version: -

Trust: 0.8

vendor:qualcommmodel:ipq8074scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs405scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 665scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 675scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 730scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 855scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010010 // NVD: CVE-2019-10499

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10499
value: HIGH

Trust: 1.0

NVD: CVE-2019-10499
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-446
value: HIGH

Trust: 0.6

VULHUB: VHN-142051
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-10499
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-142051
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10499
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10499
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-142051 // JVNDB: JVNDB-2019-010010 // CNNVD: CNNVD-201908-446 // NVD: CVE-2019-10499

PROBLEMTYPE DATA

problemtype:CWE-129

Trust: 1.9

sources: VULHUB: VHN-142051 // JVNDB: JVNDB-2019-010010 // NVD: CVE-2019-10499

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-446

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010010

PATCH
title:August 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin
Trust: 0.8
title:Android Qualcomm MProc Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96183
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-010010 // 
            
            
            
            CNNVD: CNNVD-201908-446

EXTERNAL IDS
db:NVDid:CVE-2019-10499
Trust: 2.5
db:JVNDBid:JVNDB-2019-010010
Trust: 0.8
db:CNNVDid:CNNVD-201908-446
Trust: 0.7
db:VULHUBid:VHN-142051
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142051 // 
            
            
            
            JVNDB: JVNDB-2019-010010 // 
            
            
            
            CNNVD: CNNVD-201908-446 // 
            
            
            
            NVD: CVE-2019-10499

REFERENCES
url:https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-10499
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10499
Trust: 0.8
url:https://source.android.com/security/bulletin/2019-08-01.html
Trust: 0.6
url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-august-2019-29951
Trust: 0.6
sources:
            
            
            VULHUB: VHN-142051 // 
            
            
            
            JVNDB: JVNDB-2019-010010 // 
            
            
            
            CNNVD: CNNVD-201908-446 // 
            
            
            
            NVD: CVE-2019-10499

SOURCES
db:VULHUBid:VHN-142051
db:JVNDBid:JVNDB-2019-010010
db:CNNVDid:CNNVD-201908-446
db:NVDid:CVE-2019-10499

LAST UPDATE DATE
2024-11-23T22:48:14.157000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-142051date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010010date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201908-446date:2020-07-28T00:00:00
db:NVDid:CVE-2019-10499date:2024-11-21T04:19:17.383

SOURCES RELEASE DATE
db:VULHUBid:VHN-142051date:2019-09-30T00:00:00
db:JVNDBid:JVNDB-2019-010010date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201908-446date:2019-08-06T00:00:00
db:NVDid:CVE-2019-10499date:2019-09-30T16:15:10.573