ID
VAR-201912-1803
CVE
CVE-2019-10605
TITLE
plural Snapdragon Classic buffer overflow vulnerability in products
Trust: 0.8
DESCRIPTION
Buffer overwrite can occur in IEEE80211 header filling function due to lack of range check of array index received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, IPQ8074, MDM9607, MDM9650, MSM8909, MSM8939, QCN7605, SDA660, SDM630, SDM636, SDM660, SDX20, SDX24. plural Snapdragon The product contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 and so on are the products of American Qualcomm. MDM9607 is a central processing unit (CPU) product. MDM9650 is a central processing unit (CPU) product. SDX24 is a modem. A buffer overflow vulnerability exists in the WLAN Host in multiple Qualcomm products. The vulnerability stems from a network system or product that incorrectly validates data boundaries when performing operations on memory, resulting in incorrect read and write operations to associated other memory locations An attacker could use this vulnerability to cause a buffer overflow or heap overflow
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | msm8909 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | apq8053 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm630 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm636 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcn7605 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | ipq8074 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | apq8009 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdx24 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdx20 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sda660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8939 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | apq8009 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | apq8053 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | ipq8074 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8909 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8939 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qcn7605 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sda660 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sdm630 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm | scope: | eq | version: | 9607 | Trust: 0.6 |
| vendor: | qualcomm | model: | mdm | scope: | eq | version: | 9650 | Trust: 0.6 |
| vendor: | qualcomm | model: | msm | scope: | eq | version: | 8909 | Trust: 0.6 |
| vendor: | qualcomm | model: | sda | scope: | eq | version: | 660 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm | scope: | eq | version: | 630 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm | scope: | eq | version: | 660 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdx | scope: | eq | version: | 24 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdx | scope: | eq | version: | 20 | Trust: 0.6 |
| vendor: | qualcomm | model: | ipq | scope: | eq | version: | 8074 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm | scope: | eq | version: | 636 | Trust: 0.6 |
| vendor: | qualcomm | model: | apq | scope: | eq | version: | 8053 | Trust: 0.6 |
| vendor: | qualcomm | model: | apq | scope: | eq | version: | 8009 | Trust: 0.6 |
| vendor: | qualcomm | model: | msm | scope: | eq | version: | 8939 | Trust: 0.6 |
| vendor: | qualcomm | model: | qcn | scope: | eq | version: | 7605 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-120 | Trust: 1.8 |
THREAT TYPE
local
Trust: 0.6
TYPE
buffer error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | December 2019 Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin | Trust: 0.8 |
| title: | Patch for Multiple Qualcomm Product Buffer Overflow Vulnerabilities (CNVD-2020-03571) | url: | https://www.cnvd.org.cn/patchInfo/show/198885 | Trust: 0.6 |
| title: | Multiple Qualcomm Product Buffer Error Vulnerability Fix | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105625 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-10605 | Trust: 3.0 |
| db: | JVNDB | id: | JVNDB-2019-013347 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2020-03571 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201912-089 | Trust: 0.6 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-10605 | Trust: 2.0 |
| url: | https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin | Trust: 1.6 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10605 | Trust: 0.8 |
| url: | https://source.android.google.cn/security/bulletin/2019-12-01.html | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-2019-31041 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2020-03571 |
| db: | JVNDB | id: | JVNDB-2019-013347 |
| db: | CNNVD | id: | CNNVD-201912-089 |
| db: | NVD | id: | CVE-2019-10605 |
LAST UPDATE DATE
2024-11-23T22:44:45.734000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2020-03571 | date: | 2020-02-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-013347 | date: | 2019-12-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-201912-089 | date: | 2020-06-04T00:00:00 |
| db: | NVD | id: | CVE-2019-10605 | date: | 2024-11-21T04:19:33.833 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2020-03571 | date: | 2020-02-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-013347 | date: | 2019-12-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-201912-089 | date: | 2019-12-02T00:00:00 |
| db: | NVD | id: | CVE-2019-10605 | date: | 2019-12-18T06:15:12.643 |