Sign-up

ID

VAR-201909-1453


CVE

CVE-2019-10539


TITLE

plural Snapdragon Classic buffer overflow vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-010018

DESCRIPTION

Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA8081, QCA9379, QCS404, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SXR1130. plural Snapdragon The product contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm WLAN chip is a dedicated chip for Qualcomm platform to handle WLAN/WIFI protocol. It belongs to Qualcomm Baseband subsystem, which is used to improve WLAN/WIFI processing speed and performance and reduce energy consumption. A remote code execution vulnerability exists in the Qualcomm WLAN chip. An attacker can control the WLAN firmware and eventually cause arbitrary code to be executed on the server. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product. A buffer error vulnerability exists in several Qualcomm products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Qualcomm MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA8081, QCA9379, QCS404, QCS405, QCS605; Qualcomm 215, SD 2120/SD 2120/SD , SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX; Qualcomm SDA660, SDM439, SDM630, SDM660; Qualcomm SDX20, SDX24, SXR1130

Trust: 2.25

sources: NVD: CVE-2019-10539 // JVNDB: JVNDB-2019-010018 // CNVD: CNVD-2019-28290 // VULHUB: VHN-142095

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-28290

AFFECTED PRODUCTS

vendor:qualcommmodel:qca6584scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 1.4

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 1.4

vendor:qualcommmodel:ipq8074scope: - version: -

Trust: 1.4

vendor:qualcommmodel:qca6174ascope: - version: -

Trust: 1.4

vendor:qualcommmodel:qca6574auscope: - version: -

Trust: 1.4

vendor:qualcommmodel:sdscope:eqversion:427

Trust: 1.2

vendor:qualcommmodel:sdscope:eqversion:435

Trust: 1.2

vendor:qualcommmodel:qca9379scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8074scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca8081scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs404scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 665scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 8cxscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6174ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6584scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qca6574scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdscope:eqversion:212

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:205

Trust: 0.6

vendor:qualcommmodel:sdx20scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:425

Trust: 0.6

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm630scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:845

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:835

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:210

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:850

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:430

Trust: 0.6

vendor:qualcommmodel:sdx24scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sxr1130scope: - version: -

Trust: 0.6

vendor:qualcommmodel:qca8081scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:632

Trust: 0.6

vendor:qualcommmodel:sd 8cxscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm439scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:439

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:636

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:710

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:855

Trust: 0.6

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.6

vendor:qualcommmodel:qualcommscope:eqversion:215

Trust: 0.6

vendor:qualcommmodel:qca9379scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:820

Trust: 0.6

vendor:qualcommmodel:sda660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:qcs405scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:450

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:675

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:712

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:730

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:665

Trust: 0.6

sources: CNVD: CNVD-2019-28290 // JVNDB: JVNDB-2019-010018 // NVD: CVE-2019-10539

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10539
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-10539
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-28290
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201908-433
value: CRITICAL

Trust: 0.6

VULHUB: VHN-142095
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-10539
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-28290
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-142095
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10539
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10539
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-28290 // VULHUB: VHN-142095 // JVNDB: JVNDB-2019-010018 // CNNVD: CNNVD-201908-433 // NVD: CVE-2019-10539

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.9

sources: VULHUB: VHN-142095 // JVNDB: JVNDB-2019-010018 // NVD: CVE-2019-10539

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201908-433

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010018

PATCH
title:August 2019 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/august-2019-bulletin
Trust: 0.8
title:Qualcomm WLAN chip remote code execution vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/176425
Trust: 0.6
title:Multiple Qualcomm Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96173
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-28290 // 
            
            
            
            JVNDB: JVNDB-2019-010018 // 
            
            
            
            CNNVD: CNNVD-201908-433

EXTERNAL IDS
db:NVDid:CVE-2019-10539
Trust: 3.1
db:JVNDBid:JVNDB-2019-010018
Trust: 0.8
db:CNNVDid:CNNVD-201908-433
Trust: 0.7
db:CNVDid:CNVD-2019-28290
Trust: 0.6
db:VULHUBid:VHN-142095
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-28290 // 
            
            
            
            VULHUB: VHN-142095 // 
            
            
            
            JVNDB: JVNDB-2019-010018 // 
            
            
            
            CNNVD: CNNVD-201908-433 // 
            
            
            
            NVD: CVE-2019-10539

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-10539
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10539
Trust: 0.8
url:https://source.android.com/security/bulletin/2019-08-01.html
Trust: 0.6
url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-august-2019-29951
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-28290 // 
            
            
            
            VULHUB: VHN-142095 // 
            
            
            
            JVNDB: JVNDB-2019-010018 // 
            
            
            
            CNNVD: CNNVD-201908-433 // 
            
            
            
            NVD: CVE-2019-10539

SOURCES
db:CNVDid:CNVD-2019-28290
db:VULHUBid:VHN-142095
db:JVNDBid:JVNDB-2019-010018
db:CNNVDid:CNNVD-201908-433
db:NVDid:CVE-2019-10539

LAST UPDATE DATE
2024-11-23T22:44:49.724000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-28290date:2019-08-22T00:00:00
db:VULHUBid:VHN-142095date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010018date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201908-433date:2019-10-14T00:00:00
db:NVDid:CVE-2019-10539date:2024-11-21T04:19:23.623

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-28290date:2019-08-22T00:00:00
db:VULHUBid:VHN-142095date:2019-09-30T00:00:00
db:JVNDBid:JVNDB-2019-010018date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201908-433date:2019-08-06T00:00:00
db:NVDid:CVE-2019-10539date:2019-09-30T16:15:11.040