Details of VAR-201912-1800

ID

VAR-201912-1800

CVE

CVE-2019-10598

TITLE

plural Snapdragon Classic buffer overflow vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-013350

DESCRIPTION

Out of bound access can occur while processing peer info in IBSS connection mode due to lack of upper bounds check to ensure that for loop further will not cause an overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, MDM9607, MSM8996AU, QCA6574AU, QCN7605, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130. plural Snapdragon The product contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 and so on are the products of American Qualcomm. MDM9607 is a central processing unit (CPU) product. MSM8996AU is a central processing unit (CPU) product. QCA6574AU is a central processing unit (CPU) product. A buffer overflow vulnerability exists in the WLAN Host in multiple Qualcomm products. The vulnerability stems from a network system or product that incorrectly validates data boundaries when performing operations on memory, resulting in incorrect read and write operations to associated other memory locations An attacker could use this vulnerability to cause a buffer overflow or heap overflow

Trust: 2.16

sources: NVD: CVE-2019-10598 // JVNDB: JVNDB-2019-013350 // CNVD: CNVD-2020-03577

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-03577

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sm8150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8096au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn7605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr1130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8096au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca6574au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcn7605	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs605	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sda660	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sda845	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sdm630	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9607	Trust: 0.6
vendor:	qualcomm	model:	msm 8996au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qcs	scope:	eq	version:	605	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	660	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	630	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	660	Trust: 0.6
vendor:	qualcomm	model:	sdx	scope:	eq	version:	24	Trust: 0.6
vendor:	qualcomm	model:	sdx	scope:	eq	version:	20	Trust: 0.6
vendor:	qualcomm	model:	qca 6574au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sxr	scope:	eq	version:	1130	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	636	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sm	scope:	eq	version:	6150	Trust: 0.6
vendor:	qualcomm	model:	sm	scope:	eq	version:	7150	Trust: 0.6
vendor:	qualcomm	model:	sm	scope:	eq	version:	8150	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8053	Trust: 0.6
vendor:	qualcomm	model:	apq 8096au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdx	scope:	eq	version:	55	Trust: 0.6
vendor:	qualcomm	model:	qcn	scope:	eq	version:	7605	Trust: 0.6

sources: CNVD: CNVD-2020-03577 // JVNDB: JVNDB-2019-013350 // NVD: CVE-2019-10598

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10598
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-10598
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-03577
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201912-090
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-10598
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-03577
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-10598
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-10598
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-03577 // JVNDB: JVNDB-2019-013350 // CNNVD: CNNVD-201912-090 // NVD: CVE-2019-10598

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2019-013350 // NVD: CVE-2019-10598

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-090

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201912-090

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013350

PATCH

title:	December 2019 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin	Trust: 0.8
title:	Patch for Multiple Qualcomm Product Buffer Overflow Vulnerabilities (CNVD-2020-03577)	url:	https://www.cnvd.org.cn/patchInfo/show/198881	Trust: 0.6
title:	Multiple Qualcomm Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105626	Trust: 0.6

sources: CNVD: CNVD-2020-03577 // JVNDB: JVNDB-2019-013350 // CNNVD: CNNVD-201912-090

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10598	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-013350	Trust: 0.8
db:	CNVD	id:	CNVD-2020-03577	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-090	Trust: 0.6

sources: CNVD: CNVD-2020-03577 // JVNDB: JVNDB-2019-013350 // CNNVD: CNNVD-201912-090 // NVD: CVE-2019-10598

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-10598	Trust: 2.0
url:	https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10598	Trust: 0.8
url:	https://source.android.google.cn/security/bulletin/2019-12-01.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-2019-31041	Trust: 0.6

sources: CNVD: CNVD-2020-03577 // JVNDB: JVNDB-2019-013350 // CNNVD: CNNVD-201912-090 // NVD: CVE-2019-10598

SOURCES

db:	CNVD	id:	CNVD-2020-03577
db:	JVNDB	id:	JVNDB-2019-013350
db:	CNNVD	id:	CNNVD-201912-090
db:	NVD	id:	CVE-2019-10598

LAST UPDATE DATE

2024-11-23T22:58:27.366000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-03577	date:	2020-02-04T00:00:00
db:	JVNDB	id:	JVNDB-2019-013350	date:	2019-12-26T00:00:00
db:	CNNVD	id:	CNNVD-201912-090	date:	2020-06-04T00:00:00
db:	NVD	id:	CVE-2019-10598	date:	2024-11-21T04:19:32.823

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-03577	date:	2020-02-04T00:00:00
db:	JVNDB	id:	JVNDB-2019-013350	date:	2019-12-26T00:00:00
db:	CNNVD	id:	CNNVD-201912-090	date:	2019-12-02T00:00:00
db:	NVD	id:	CVE-2019-10598	date:	2019-12-18T06:15:12.440