ID

VAR-201912-1447


CVE

CVE-2019-2310


TITLE

Out-of-bounds vulnerability in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2019-012935

DESCRIPTION

An out-of-bounds read can occur while reading the action category and action ID without validating the action length of the Rx frame body in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDA660, SDA845, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM8150. Multiple Qualcomm products contain an out-of-bounds vulnerability. Information may be obtained. Qualcomm MDM9206 and the other listed parts are products of the American company Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX20 is a modem. WLAN is one of the wireless LAN components. WLAN components in several Qualcomm products have buffer overflow vulnerabilities. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, resulting in incorrect read and write operations to other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow.

Trust: 2.16

sources: NVD: CVE-2019-2310 // JVNDB: JVNDB-2019-012935 // CNVD: CNVD-2020-16069

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-16069

AFFECTED PRODUCTS

vendor: qualcomm, model: msm8909, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: apq8053, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8953, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sda845, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qca9379, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8917, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: apq8096au, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8996au, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8998, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm636, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: apq8009, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: apq8098, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qcs605, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sda660, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9607, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm670, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sm8150, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qca9377, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm450, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9650, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm710, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: apq8017, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9206, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qca6574au, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm630, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qca6174a, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm660, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qcn7605, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9640, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm845, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9207c, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdx20, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8920, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8940, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8937, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: apq8009, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: apq8017, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: apq8053, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: apq8096au, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: apq8098, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: mdm9206, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: mdm9207c, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: mdm9607, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: mdm9640, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: mdm9650, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: mdm, scope: eq, version: 9607

Trust: 0.6

vendor: qualcomm, model: mdm, scope: eq, version: 9650

Trust: 0.6

vendor: qualcomm, model: msm, scope: eq, version: 8909

Trust: 0.6

vendor: qualcomm, model: msm 8996au, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: qcs, scope: eq, version: 605

Trust: 0.6

vendor: qualcomm, model: sda, scope: eq, version: 660

Trust: 0.6

vendor: qualcomm, model: sdm, scope: eq, version: 630

Trust: 0.6

vendor: qualcomm, model: sdm, scope: eq, version: 660

Trust: 0.6

vendor: qualcomm, model: sdx, scope: eq, version: 20

Trust: 0.6

vendor: qualcomm, model: mdm, scope: eq, version: 9206

Trust: 0.6

vendor: qualcomm, model: qca 6574au, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: mdm, scope: eq, version: 9640

Trust: 0.6

vendor: qualcomm, model: qca 6174a, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: qca, scope: eq, version: 9377

Trust: 0.6

vendor: qualcomm, model: qca, scope: eq, version: 9379

Trust: 0.6

vendor: qualcomm, model: msm, scope: eq, version: 8998

Trust: 0.6

vendor: qualcomm, model: sda, scope: eq, version: 845

Trust: 0.6

vendor: qualcomm, model: sdm, scope: eq, version: 636

Trust: 0.6

vendor: qualcomm, model: sdm, scope: eq, version: 670

Trust: 0.6

vendor: qualcomm, model: sdm, scope: eq, version: 710

Trust: 0.6

vendor: qualcomm, model: sdm, scope: eq, version: 845

Trust: 0.6

vendor: qualcomm, model: sm, scope: eq, version: 8150

Trust: 0.6

vendor: qualcomm, model: apq, scope: eq, version: 8017

Trust: 0.6

vendor: qualcomm, model: apq, scope: eq, version: 8053

Trust: 0.6

vendor: qualcomm, model: apq, scope: eq, version: 8009

Trust: 0.6

vendor: qualcomm, model: apq 8096au, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: apq, scope: eq, version: 8098

Trust: 0.6

vendor: qualcomm, model: msm, scope: eq, version: 8917

Trust: 0.6

vendor: qualcomm, model: msm, scope: eq, version: 8920

Trust: 0.6

vendor: qualcomm, model: msm, scope: eq, version: 8937

Trust: 0.6

vendor: qualcomm, model: msm, scope: eq, version: 8940

Trust: 0.6

vendor: qualcomm, model: msm, scope: eq, version: 8953

Trust: 0.6

vendor: qualcomm, model: sdm, scope: eq, version: 450

Trust: 0.6

vendor: qualcomm, model: mdm 9207c, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: qcn, scope: eq, version: 7605

Trust: 0.6

sources: CNVD: CNVD-2020-16069 // JVNDB: JVNDB-2019-012935 // NVD: CVE-2019-2310

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2310
value: HIGH

Trust: 1.0

NVD: CVE-2019-2310
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-16069
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201911-260
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-2310
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-16069
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-2310
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-2310
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-16069 // JVNDB: JVNDB-2019-012935 // CNNVD: CNNVD-201911-260 // NVD: CVE-2019-2310

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2019-012935 // NVD: CVE-2019-2310

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-260

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201911-260

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012935

PATCH

title: November 2019 Security Bulletin, url: https://www.qualcomm.com/company/product-security/bulletins/november-2019-bulletin

Trust: 0.8

title: Patch for Multiple Qualcomm Product WLAN Component Buffer Overflow Vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/207851

Trust: 0.6

title: Multiple Qualcomm product WLAN Fix for component buffer error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104671

Trust: 0.6

sources: CNVD: CNVD-2020-16069 // JVNDB: JVNDB-2019-012935 // CNNVD: CNNVD-201911-260

EXTERNAL IDS

db: NVD, id: CVE-2019-2310

Trust: 3.0

db: JVNDB, id: JVNDB-2019-012935

Trust: 0.8

db: CNVD, id: CNVD-2020-16069

Trust: 0.6

db: CNNVD, id: CNNVD-201911-260

Trust: 0.6

sources: CNVD: CNVD-2020-16069 // JVNDB: JVNDB-2019-012935 // CNNVD: CNNVD-201911-260 // NVD: CVE-2019-2310

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/november-2019-bulletin

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-2310

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2310

Trust: 0.8

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-november-2019-30795

Trust: 0.6

sources: CNVD: CNVD-2020-16069 // JVNDB: JVNDB-2019-012935 // CNNVD: CNNVD-201911-260 // NVD: CVE-2019-2310

SOURCES

db: CNVD, id: CNVD-2020-16069
db: JVNDB, id: JVNDB-2019-012935
db: CNNVD, id: CNNVD-201911-260
db: NVD, id: CVE-2019-2310

LAST UPDATE DATE

2024-11-23T22:33:38.005000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-16069, date: 2020-03-09T00:00:00
db: JVNDB, id: JVNDB-2019-012935, date: 2019-12-17T00:00:00
db: CNNVD, id: CNNVD-201911-260, date: 2020-06-24T00:00:00
db: NVD, id: CVE-2019-2310, date: 2024-11-21T04:40:40.713

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-16069, date: 2020-03-09T00:00:00
db: JVNDB, id: JVNDB-2019-012935, date: 2019-12-17T00:00:00
db: CNNVD, id: CNNVD-201911-260, date: 2019-11-06T00:00:00
db: NVD, id: CVE-2019-2310, date: 2019-12-12T09:15:12.940