Details of VAR-202001-1473

ID

VAR-202001-1473

CVE

CVE-2019-10578

TITLE

plural Snapdragon In products NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-014201

DESCRIPTION

Null pointer dereference can occur while parsing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Snapdragon Products include NULL A vulnerability exists in pointer dereferencing.Denial of service (DoS) May be in a state. Qualcomm MDM9206, etc. are all products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX20 is a modem. Video in many Qualcomm products has an input verification error vulnerability. A remote attacker can use a specially crafted clip file to exploit the vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2019-10578 // JVNDB: JVNDB-2019-014201 // CNVD: CNVD-2020-41777

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-41777

AFFECTED PRODUCTS

vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	apq8009	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9207c	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	apq8017	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	apq8053	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	apq8096au	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	apq8098	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	msm8909	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	apq8064	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8064	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9207c	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8953	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8937	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8096au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr2130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8939	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	nicobar	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8998	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8098	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8917	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8017	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8920	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8940	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qm215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	rennell	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr1130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdx20	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm429	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm439	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm632	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm636	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm660	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sxr1130	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qcs605	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sm7150	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm630	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qca6574au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	660	Trust: 0.6
vendor:	qualcomm	model:	nicobar	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sdm670	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sm8150	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm429w	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8917	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8920	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8937	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8940	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8953	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm450	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8998	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qm215	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	rennell	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm710	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm845	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sm6150	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sm8250	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sxr2130	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8939	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8996	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-41777 // JVNDB: JVNDB-2019-014201 // NVD: CVE-2019-10578

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10578
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-10578
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-41777
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202001-203
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-10578
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-41777
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-10578
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-10578
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-41777 // JVNDB: JVNDB-2019-014201 // CNNVD: CNNVD-202001-203 // NVD: CVE-2019-10578

PROBLEMTYPE DATA

problemtype:

CWE-476

Trust: 1.8

sources: JVNDB: JVNDB-2019-014201 // NVD: CVE-2019-10578

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202001-203

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014201

PATCH

title:	January 2020 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin	Trust: 0.8
title:	Patch for Multiple Qualcomm products input verification error vulnerability (CNVD-2020-41777)	url:	https://www.cnvd.org.cn/patchInfo/show/226751	Trust: 0.6
title:	Multiple Qualcomm Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108332	Trust: 0.6

sources: CNVD: CNVD-2020-41777 // JVNDB: JVNDB-2019-014201 // CNNVD: CNNVD-202001-203

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10578	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-014201	Trust: 0.8
db:	CNVD	id:	CNVD-2020-41777	Trust: 0.6
db:	CNNVD	id:	CNNVD-202001-203	Trust: 0.6

sources: CNVD: CNVD-2020-41777 // JVNDB: JVNDB-2019-014201 // CNNVD: CNNVD-202001-203 // NVD: CVE-2019-10578

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10578	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10578	Trust: 0.8
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-january-2020-31267	Trust: 0.6

sources: CNVD: CNVD-2020-41777 // JVNDB: JVNDB-2019-014201 // CNNVD: CNNVD-202001-203 // NVD: CVE-2019-10578

SOURCES

db:	CNVD	id:	CNVD-2020-41777
db:	JVNDB	id:	JVNDB-2019-014201
db:	CNNVD	id:	CNNVD-202001-203
db:	NVD	id:	CVE-2019-10578

LAST UPDATE DATE

2024-08-14T15:17:45.133000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-41777	date:	2020-07-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-014201	date:	2020-02-06T00:00:00
db:	CNNVD	id:	CNNVD-202001-203	date:	2020-05-15T00:00:00
db:	NVD	id:	CVE-2019-10578	date:	2020-01-23T19:35:39.100

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-41777	date:	2020-07-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-014201	date:	2020-02-06T00:00:00
db:	CNNVD	id:	CNNVD-202001-203	date:	2020-01-07T00:00:00
db:	NVD	id:	CVE-2019-10578	date:	2020-01-21T07:15:11.540