Sign-up

ID

VAR-201912-1449


CVE

CVE-2019-2337


TITLE

plural Qualcomm Product out-of-bounds vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-012927

DESCRIPTION

While Skipping unknown IES, EMM is reading the buffer even if the no of bytes to read are more than message length which may cause device to shutdown in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130. plural Qualcomm The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and so on are the products of American Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product. SDX24 is a modem. A buffer overflow vulnerability exists in NAS in several Qualcomm products. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, resulting in incorrect read and write operations to other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow

Trust: 2.16

sources: NVD: CVE-2019-2337 // JVNDB: JVNDB-2019-012927 // CNVD: CNVD-2020-16071

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-16071

AFFECTED PRODUCTS

vendor:qualcommmodel:msm8909scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sc8180xscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8917scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr2130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9655scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8976scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8940scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm2150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon high med 2016scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:nicobarscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8905scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8920scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8937scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8096auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8098scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9655scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8905scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdmscope:eqversion:9150

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9650

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:439

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:630

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:660

Trust: 0.6

vendor:qualcommmodel:sdxscope:eqversion:24

Trust: 0.6

vendor:qualcommmodel:sdxscope:eqversion:20

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9206

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9640

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9205

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:636

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:670

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:710

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:845

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:850

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:6150

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8053

Trust: 0.6

vendor:qualcommmodel:apq 8096auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8098

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9655

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8905

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:429

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:450

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:632

Trust: 0.6

vendor:qualcommmodel:sdxscope:eqversion:55

Trust: 0.6

vendor:qualcommmodel:nicobarscope:eqversion:8909

Trust: 0.6

vendor:qualcommmodel:nicobar 8909wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:nicobarscope:eqversion:8917

Trust: 0.6

vendor:qualcommmodel:nicobarscope:eqversion:8920

Trust: 0.6

vendor:qualcommmodel:nicobarscope:eqversion:8937

Trust: 0.6

vendor:qualcommmodel:nicobarscope:eqversion:8940

Trust: 0.6

vendor:qualcommmodel:nicobarscope:eqversion:8953

Trust: 0.6

vendor:qualcommmodel:nicobarscope:eqversion:8976

Trust: 0.6

vendor:qualcommmodel:nicobar 8996auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:nicobarscope:eqversion:8998

Trust: 0.6

vendor:marwelmodel:qcm noscope: - version: -

Trust: 0.6

vendor:qualcommmodel:qcsscope:eqversion:2150

Trust: 0.6

vendor:qualcommmodel:qmscope:eqversion:605

Trust: 0.6

vendor:qualcommmodel:scscope:eqversion:215

Trust: 0.6

vendor:qualcommmodel:sdascope:eqversion:8180x

Trust: 0.6

vendor:qualcommmodel:snapdragon high medscope:eqversion:7150

Trust: 0.6

vendor:qualcommmodel:snapdragon high medscope:eqversion:8150

Trust: 0.6

vendor:qualcommmodel:snapdragon high medscope:eqversion:8250

Trust: 0.6

vendor:qualcommmodel:sxrscope:eqversion:2016

Trust: 0.6

sources: CNVD: CNVD-2020-16071 // JVNDB: JVNDB-2019-012927 // NVD: CVE-2019-2337

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2337
value: HIGH

Trust: 1.0

NVD: CVE-2019-2337
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-16071
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201911-258
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-2337
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-16071
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-2337
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-2337
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-16071 // JVNDB: JVNDB-2019-012927 // CNNVD: CNNVD-201911-258 // NVD: CVE-2019-2337

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2019-012927 // NVD: CVE-2019-2337

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-258

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201911-258

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012927

PATCH
title:November 2019 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/november-2019-bulletin
Trust: 0.8
title:Patch for Multiple Qualcomm Product Buffer Overflow Vulnerabilities (CNVD-2020-16071)url:https://www.cnvd.org.cn/patchInfo/show/207807
Trust: 0.6
title:Multiple Qualcomm Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102051
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16071 // 
            
            
            
            JVNDB: JVNDB-2019-012927 // 
            
            
            
            CNNVD: CNNVD-201911-258

EXTERNAL IDS
db:NVDid:CVE-2019-2337
Trust: 3.0
db:JVNDBid:JVNDB-2019-012927
Trust: 0.8
db:CNVDid:CNVD-2020-16071
Trust: 0.6
db:CNNVDid:CNNVD-201911-258
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16071 // 
            
            
            
            JVNDB: JVNDB-2019-012927 // 
            
            
            
            CNNVD: CNNVD-201911-258 // 
            
            
            
            NVD: CVE-2019-2337

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins/november-2019-bulletin
Trust: 2.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-2337
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2337
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-november-2019-30795
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16071 // 
            
            
            
            JVNDB: JVNDB-2019-012927 // 
            
            
            
            CNNVD: CNNVD-201911-258 // 
            
            
            
            NVD: CVE-2019-2337

SOURCES
db:CNVDid:CNVD-2020-16071
db:JVNDBid:JVNDB-2019-012927
db:CNNVDid:CNNVD-201911-258
db:NVDid:CVE-2019-2337

LAST UPDATE DATE
2024-11-23T22:41:16.853000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-16071date:2020-03-09T00:00:00
db:JVNDBid:JVNDB-2019-012927date:2019-12-17T00:00:00
db:CNNVDid:CNNVD-201911-258date:2020-06-24T00:00:00
db:NVDid:CVE-2019-2337date:2024-11-21T04:40:44.693

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-16071date:2020-03-09T00:00:00
db:JVNDBid:JVNDB-2019-012927date:2019-12-17T00:00:00
db:CNNVDid:CNNVD-201911-258date:2019-11-06T00:00:00
db:NVDid:CVE-2019-2337date:2019-12-12T09:15:13.253