Sign-up

ID

VAR-202003-1261


CVE

CVE-2019-10593


TITLE

plural Snapdragon Classic buffer overflow vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-014812

DESCRIPTION

Buffer overflow can occur when processing non standard SDP video Image attribute parameter in a VILTE\VOLTE call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130. plural Snapdragon The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Qualcomm MDM9206, etc. are all products of Qualcomm. MDM9206 is a central processing unit (CPU) product. SDX24 is a modem. APQ8017 is a central processing unit (CPU) product. There are input validation error vulnerabilities in Data Modem in many Qualcomm products, and attackers can use the specially crafted request to exploit this vulnerability to execute arbitrary code on the system

Trust: 2.16

sources: NVD: CVE-2019-10593 // JVNDB: JVNDB-2019-014812 // CNVD: CNVD-2020-20201

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20201

AFFECTED PRODUCTS

vendor:qualcommmodel:apq8009scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:apq8017scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:apq8076scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:apq8096scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8009scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8017scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8053scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8096auscope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8098scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8096scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8076scope: - version: -

Trust: 1.4

vendor:qualcommmodel:msm8909scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sc8180xscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8917scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9645scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9655scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8940scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm2150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:nicobarscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8905scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8920scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:rennellscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8937scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx20scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm429scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm439scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm632scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm636scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sda660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sda845scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx24scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sxr1130scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9645scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9655scope: - version: -

Trust: 0.6

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm630scope: - version: -

Trust: 0.6

vendor:qualcommmodel:nicobarscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm7150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm670scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm8150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm429wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8917scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8920scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8937scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8940scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8953scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sc8180xscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm450scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx55scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8905scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8909scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8998scope: - version: -

Trust: 0.6

vendor:qualcommmodel:qm215scope: - version: -

Trust: 0.6

vendor:qualcommmodel:rennellscope: - version: -

Trust: 0.6

vendor:qualcommmodel:qcm2150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm710scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm845scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm850scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm6150scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-20201 // JVNDB: JVNDB-2019-014812 // CNNVD: CNNVD-202003-132 // NVD: CVE-2019-10593

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10593
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-014812
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-20201
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-132
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-10593
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014812
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-20201
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10593
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014812
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-20201 // JVNDB: JVNDB-2019-014812 // CNNVD: CNNVD-202003-132 // NVD: CVE-2019-10593

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2019-014812 // NVD: CVE-2019-10593

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-132

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202003-132

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014812

PATCH
title:March 2020 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin
Trust: 0.8
title:Patch for Multiple Qualcomm product input verification error vulnerabilities (CNVD-2020-20201)url:https://www.cnvd.org.cn/patchInfo/show/211579
Trust: 0.6
title:Multiple Qualcomm Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111014
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-20201 // 
            
            
            
            JVNDB: JVNDB-2019-014812 // 
            
            
            
            CNNVD: CNNVD-202003-132

EXTERNAL IDS
db:NVDid:CVE-2019-10593
Trust: 3.0
db:JVNDBid:JVNDB-2019-014812
Trust: 0.8
db:CNVDid:CNVD-2020-20201
Trust: 0.6
db:CNNVDid:CNNVD-202003-132
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-20201 // 
            
            
            
            JVNDB: JVNDB-2019-014812 // 
            
            
            
            CNNVD: CNNVD-202003-132 // 
            
            
            
            NVD: CVE-2019-10593

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-10593
Trust: 2.0
url:https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10593
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2020-31720
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-20201 // 
            
            
            
            JVNDB: JVNDB-2019-014812 // 
            
            
            
            CNNVD: CNNVD-202003-132 // 
            
            
            
            NVD: CVE-2019-10593

SOURCES
db:CNVDid:CNVD-2020-20201
db:JVNDBid:JVNDB-2019-014812
db:CNNVDid:CNNVD-202003-132
db:NVDid:CVE-2019-10593

LAST UPDATE DATE
2024-11-23T22:11:35.730000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-20201date:2020-03-30T00:00:00
db:JVNDBid:JVNDB-2019-014812date:2020-03-18T00:00:00
db:CNNVDid:CNNVD-202003-132date:2020-03-13T00:00:00
db:NVDid:CVE-2019-10593date:2024-11-21T04:19:31.990

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-20201date:2020-03-30T00:00:00
db:JVNDBid:JVNDB-2019-014812date:2020-03-18T00:00:00
db:CNNVDid:CNNVD-202003-132date:2020-03-03T00:00:00
db:NVDid:CVE-2019-10593date:2020-03-05T09:15:16.110