Details of VAR-202003-1265

ID

VAR-202003-1265

CVE

CVE-2019-10586

TITLE

plural Snapdragon Classic buffer overflow vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-014809

DESCRIPTION

Filling media attribute tag names without validating the destination buffer size which can result in the buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130. plural Snapdragon The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Qualcomm MDM9206, etc. are all products of Qualcomm. MDM9206 is a central processing unit (CPU) product. SDX24 is a modem. SDA660 is a central processing unit (CPU) product. The Data Modem in many Qualcomm products has a buffer overflow vulnerability. The vulnerability stems from the fact that the network system or product performs an operation on the memory and does not correctly verify the data boundary, resulting in the wrong read and write operations to other associated memory locations. , An attacker can use this vulnerability to cause a buffer overflow or heap overflow

Trust: 2.16

sources: NVD: CVE-2019-10586 // JVNDB: JVNDB-2019-014809 // CNVD: CNVD-2020-20198

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-20198

AFFECTED PRODUCTS

vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9615	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9150	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9205	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	apq8009	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	apq8017	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	apq8053	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	apq8096au	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	apq8098	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	msm8909	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8953	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sc8180x	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8917	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8998	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9645	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9655	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8940	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr1130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm2150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8096au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8098	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8017	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qm215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	nicobar	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8905	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9635m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8920	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	rennell	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8937	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdx20	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm429	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm439	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm632	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm636	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm660	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sda845	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdx24	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sxr1130	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	mdm9625	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	mdm9635m	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	mdm9645	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	mdm9655	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	mdm9640	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qcs605	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sda660	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm630	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	nicobar	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sm7150	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm670	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sm8150	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm429w	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8917	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8920	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8937	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8940	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8953	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sc8180x	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm450	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdx55	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8905	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8909	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8998	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qm215	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	rennell	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qcm2150	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm710	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm845	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm850	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sm6150	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-20198 // JVNDB: JVNDB-2019-014809 // NVD: CVE-2019-10586

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10586
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2019-014809
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-20198
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202003-129
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2019-10586
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-014809
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-20198
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-10586
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-014809
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-20198 // JVNDB: JVNDB-2019-014809 // CNNVD: CNNVD-202003-129 // NVD: CVE-2019-10586

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2019-014809 // NVD: CVE-2019-10586

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-129

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202003-129

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014809

PATCH

title:	March 2020 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin	Trust: 0.8
title:	Patch for Multiple Qualcomm products Data Modem buffer overflow vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/211545	Trust: 0.6
title:	Multiple Qualcomm product Data Modem Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111590	Trust: 0.6

sources: CNVD: CNVD-2020-20198 // JVNDB: JVNDB-2019-014809 // CNNVD: CNNVD-202003-129

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10586	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-014809	Trust: 0.8
db:	CNVD	id:	CNVD-2020-20198	Trust: 0.6
db:	CNNVD	id:	CNNVD-202003-129	Trust: 0.6

sources: CNVD: CNVD-2020-20198 // JVNDB: JVNDB-2019-014809 // CNNVD: CNNVD-202003-129 // NVD: CVE-2019-10586

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-10586	Trust: 2.0
url:	https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10586	Trust: 0.8
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2020-31720	Trust: 0.6

sources: CNVD: CNVD-2020-20198 // JVNDB: JVNDB-2019-014809 // CNNVD: CNNVD-202003-129 // NVD: CVE-2019-10586

SOURCES

db:	CNVD	id:	CNVD-2020-20198
db:	JVNDB	id:	JVNDB-2019-014809
db:	CNNVD	id:	CNNVD-202003-129
db:	NVD	id:	CVE-2019-10586

LAST UPDATE DATE

2024-11-23T23:11:32.409000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-20198	date:	2020-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-014809	date:	2020-03-18T00:00:00
db:	CNNVD	id:	CNNVD-202003-129	date:	2020-04-02T00:00:00
db:	NVD	id:	CVE-2019-10586	date:	2024-11-21T04:19:30.760

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-20198	date:	2020-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-014809	date:	2020-03-18T00:00:00
db:	CNNVD	id:	CNNVD-202003-129	date:	2020-03-03T00:00:00
db:	NVD	id:	CVE-2019-10586	date:	2020-03-05T09:15:15.923