Details of VAR-201911-1432

ID

VAR-201911-1432

CVE

CVE-2019-2297

TITLE

plural Snapdragon Product integer underflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-012277

DESCRIPTION

Buffer overflow can occur while processing non-standard NAN message from user space. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA660, SDA845, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150. plural Snapdragon The product contains an integer underflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and so on are the products of American Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX24 is a modem. There are security holes in WLANs in several Qualcomm products. An attacker could use this vulnerability to cause a buffer overflow

Trust: 2.16

sources: NVD: CVE-2019-2297 // JVNDB: JVNDB-2019-012277 // CNVD: CNVD-2020-16064

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-16064

AFFECTED PRODUCTS

vendor:	qualcomm	model:	apq8009	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	sm8150	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	sdm845	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	apq8017	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9379	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8096au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8064	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8064	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9377	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq4019	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6174a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8074	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn7605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9207c	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8905	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8017	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8053	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8064	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8096au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	ipq4019	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	ipq8064	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	ipq8074	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9207c	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9607	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9650	Trust: 0.6
vendor:	qualcomm	model:	msm 8996au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qcs	scope:	eq	version:	605	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	660	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	660	Trust: 0.6
vendor:	qualcomm	model:	sdx	scope:	eq	version:	24	Trust: 0.6
vendor:	qualcomm	model:	qcs	scope:	eq	version:	405	Trust: 0.6
vendor:	qualcomm	model:	sdx	scope:	eq	version:	20	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9206	Trust: 0.6
vendor:	qualcomm	model:	qca 6574au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	ipq	scope:	eq	version:	4019	Trust: 0.6
vendor:	qualcomm	model:	ipq	scope:	eq	version:	8064	Trust: 0.6
vendor:	qualcomm	model:	ipq	scope:	eq	version:	8074	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9640	Trust: 0.6
vendor:	qualcomm	model:	qca 6174a	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qca	scope:	eq	version:	9377	Trust: 0.6
vendor:	qualcomm	model:	qca	scope:	eq	version:	9379	Trust: 0.6
vendor:	qualcomm	model:	apq 8096au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	636	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sm	scope:	eq	version:	8150	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8905	Trust: 0.6
vendor:	qualcomm	model:	mdm 9207c	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qcn	scope:	eq	version:	7605	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8009	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8017	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8053	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8064	Trust: 0.6

sources: CNVD: CNVD-2020-16064 // JVNDB: JVNDB-2019-012277 // CNNVD: CNNVD-201910-323 // NVD: CVE-2019-2297

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-2297
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-2297
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-16064
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201910-323
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-2297
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-16064
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-2297
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-2297
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-16064 // JVNDB: JVNDB-2019-012277 // CNNVD: CNNVD-201910-323 // NVD: CVE-2019-2297

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-190	Trust: 1.0
problemtype:	CWE-191	Trust: 0.8

sources: JVNDB: JVNDB-2019-012277 // NVD: CVE-2019-2297

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-323

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201910-323

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012277

PATCH

title:	October 2019 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin	Trust: 0.8
title:	Patch for Multiple Qualcomm Product Buffer Overflow Vulnerabilities (CNVD-2020-16064)	url:	https://www.cnvd.org.cn/patchInfo/show/207803	Trust: 0.6
title:	Multiple Qualcomm Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99027	Trust: 0.6

sources: CNVD: CNVD-2020-16064 // JVNDB: JVNDB-2019-012277 // CNNVD: CNNVD-201910-323

EXTERNAL IDS

db:	NVD	id:	CVE-2019-2297	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-012277	Trust: 0.8
db:	CNVD	id:	CNVD-2020-16064	Trust: 0.6
db:	CNNVD	id:	CNNVD-201910-323	Trust: 0.6

sources: CNVD: CNVD-2020-16064 // JVNDB: JVNDB-2019-012277 // CNNVD: CNNVD-201910-323 // NVD: CVE-2019-2297

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2297	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2297	Trust: 0.8
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-october-2019-30549	Trust: 0.6

sources: CNVD: CNVD-2020-16064 // JVNDB: JVNDB-2019-012277 // CNNVD: CNNVD-201910-323 // NVD: CVE-2019-2297

SOURCES

db:	CNVD	id:	CNVD-2020-16064
db:	JVNDB	id:	JVNDB-2019-012277
db:	CNNVD	id:	CNNVD-201910-323
db:	NVD	id:	CVE-2019-2297

LAST UPDATE DATE

2024-11-23T22:41:17.675000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-16064	date:	2020-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-012277	date:	2019-11-28T00:00:00
db:	CNNVD	id:	CNNVD-201910-323	date:	2019-12-04T00:00:00
db:	NVD	id:	CVE-2019-2297	date:	2024-11-21T04:40:38.660

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-16064	date:	2020-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-012277	date:	2019-11-28T00:00:00
db:	CNNVD	id:	CNNVD-201910-323	date:	2019-10-08T00:00:00
db:	NVD	id:	CVE-2019-2297	date:	2019-11-21T15:15:15.527