Sign-up

ID

VAR-202003-1260


CVE

CVE-2019-10577


TITLE

plural Snapdragon Out-of-bounds read vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-014823

DESCRIPTION

Improper input validation while processing SIP URI received from the network will lead to buffer over-read and then to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Snapdragon The product contains an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. Qualcomm MDM9206, etc. are all products of Qualcomm. MDM9206 is a central processing unit (CPU) product. SDX24 is a modem. APQ8017 is a central processing unit (CPU) product. A buffer overflow vulnerability exists in the Data Modem of many Qualcomm products, and an attacker can use this vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2019-10577 // JVNDB: JVNDB-2019-014823 // CNVD: CNVD-2020-20199

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20199

AFFECTED PRODUCTS

vendor:qualcommmodel:apq8009scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:apq8017scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:apq8096scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9205scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8009scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8017scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8053scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8096auscope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8098scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8096scope: - version: -

Trust: 1.4

vendor:qualcommmodel:msm8909scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sc8180xscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8917scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9645scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr2130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9655scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8940scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm2150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:saipanscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:nicobarscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8905scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9635mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8920scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:rennellscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8937scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx20scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm429scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm439scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm630scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm632scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm636scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sda845scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx24scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sxr1130scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9615scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9625scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9635mscope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9645scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9655scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.6

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sda660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:nicobarscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm7150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm670scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm8150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm429wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8917scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8920scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8937scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8940scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8953scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sc8180xscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm450scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx55scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8905scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8909scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8998scope: - version: -

Trust: 0.6

vendor:qualcommmodel:qm215scope: - version: -

Trust: 0.6

vendor:qualcommmodel:rennellscope: - version: -

Trust: 0.6

vendor:qualcommmodel:qcm2150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm710scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm845scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm850scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm6150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:saipanscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm8250scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sxr2130scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-20199 // JVNDB: JVNDB-2019-014823 // CNNVD: CNNVD-202003-130 // NVD: CVE-2019-10577

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10577
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-014823
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-20199
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-130
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-10577
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014823
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-20199
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10577
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014823
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-20199 // JVNDB: JVNDB-2019-014823 // CNNVD: CNNVD-202003-130 // NVD: CVE-2019-10577

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

problemtype:CWE-20

Trust: 1.0

sources: JVNDB: JVNDB-2019-014823 // NVD: CVE-2019-10577

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-130

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202003-130

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014823

PATCH
title:March 2020 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin
Trust: 0.8
title:Patch for Multiple Qualcomm product Data Modem buffer overflow vulnerability (CNVD-2020-20199)url:https://www.cnvd.org.cn/patchInfo/show/211559
Trust: 0.6
title:Multiple Qualcomm product Data Modem Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111591
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-20199 // 
            
            
            
            JVNDB: JVNDB-2019-014823 // 
            
            
            
            CNNVD: CNNVD-202003-130

EXTERNAL IDS
db:NVDid:CVE-2019-10577
Trust: 3.0
db:JVNDBid:JVNDB-2019-014823
Trust: 0.8
db:CNVDid:CNVD-2020-20199
Trust: 0.6
db:CNNVDid:CNNVD-202003-130
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-20199 // 
            
            
            
            JVNDB: JVNDB-2019-014823 // 
            
            
            
            CNNVD: CNNVD-202003-130 // 
            
            
            
            NVD: CVE-2019-10577

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-10577
Trust: 2.0
url:https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10577
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2020-31720
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-20199 // 
            
            
            
            JVNDB: JVNDB-2019-014823 // 
            
            
            
            CNNVD: CNNVD-202003-130 // 
            
            
            
            NVD: CVE-2019-10577

SOURCES
db:CNVDid:CNVD-2020-20199
db:JVNDBid:JVNDB-2019-014823
db:CNNVDid:CNNVD-202003-130
db:NVDid:CVE-2019-10577

LAST UPDATE DATE
2024-11-23T21:51:37.344000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-20199date:2020-03-30T00:00:00
db:JVNDBid:JVNDB-2019-014823date:2020-03-18T00:00:00
db:CNNVDid:CNNVD-202003-130date:2020-03-13T00:00:00
db:NVDid:CVE-2019-10577date:2024-11-21T04:19:29.340

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-20199date:2020-03-30T00:00:00
db:JVNDBid:JVNDB-2019-014823date:2020-03-18T00:00:00
db:CNNVDid:CNNVD-202003-130date:2020-03-03T00:00:00
db:NVDid:CVE-2019-10577date:2020-03-05T09:15:15.860