ID

VAR-202003-1266


CVE

CVE-2019-10587


TITLE

Out-of-bounds write vulnerabilities in multiple Snapdragon products

Trust: 0.8

sources: JVNDB: JVNDB-2019-014810

DESCRIPTION

A stack overflow can occur when processing a large SDP body, or a non-standard SDP body without the right delimiters, in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130. Multiple Snapdragon products contain an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Qualcomm MDM9206, etc. are all products of Qualcomm. MDM9206 is a central processing unit (CPU) product. SDX24 is a modem. APQ8017 is a central processing unit (CPU) product. There are buffer overflow vulnerabilities in the Data Modem of many Qualcomm products. The vulnerability stems from the program's failure to perform correct boundary checks. An attacker can use a specially crafted data packet to execute arbitrary code on the system.

Trust: 2.16

sources: NVD: CVE-2019-10587 // JVNDB: JVNDB-2019-014810 // CNVD: CNVD-2020-20200

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20200

AFFECTED PRODUCTS

vendor:qualcommmodel:apq8009scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:apq8017scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:apq8096scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9615scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8009scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8017scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8053scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8096auscope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8098scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8096scope: - version: -

Trust: 1.4

vendor:qualcommmodel:msm8909scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sc8180xscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8917scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9645scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9655scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8940scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm2150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:nicobarscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8905scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9635mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8920scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:rennellscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8937scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx20scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm429scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm439scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm632scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm636scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sda660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sda845scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx24scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sxr1130scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9625scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9635mscope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9645scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9655scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.6

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm630scope: - version: -

Trust: 0.6

vendor:qualcommmodel:nicobarscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm7150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm670scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm8150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm429wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8917scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8920scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8937scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8940scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8953scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sc8180xscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm450scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx55scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8905scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8909scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8998scope: - version: -

Trust: 0.6

vendor:qualcommmodel:qm215scope: - version: -

Trust: 0.6

vendor:qualcommmodel:rennellscope: - version: -

Trust: 0.6

vendor:qualcommmodel:qcm2150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm710scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm845scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm850scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm6150scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-20200 // JVNDB: JVNDB-2019-014810 // CNNVD: CNNVD-202003-131 // NVD: CVE-2019-10587

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10587
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-014810
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-20200
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-131
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-10587
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014810
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-20200
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10587
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014810
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-20200 // JVNDB: JVNDB-2019-014810 // CNNVD: CNNVD-202003-131 // NVD: CVE-2019-10587

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2019-014810 // NVD: CVE-2019-10587

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-131

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202003-131

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014810

PATCH

title: March 2020 Security Bulletin
url: https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin

Trust: 0.8

title: Patch for Multiple Qualcomm products Data Modem buffer overflow vulnerability (CNVD-2020-20200)
url: https://www.cnvd.org.cn/patchInfo/show/211561

Trust: 0.6

title: Multiple Qualcomm product Data Modem Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111592

Trust: 0.6

sources: CNVD: CNVD-2020-20200 // JVNDB: JVNDB-2019-014810 // CNNVD: CNNVD-202003-131

EXTERNAL IDS

db:NVDid:CVE-2019-10587

Trust: 3.0

db:JVNDBid:JVNDB-2019-014810

Trust: 0.8

db:CNVDid:CNVD-2020-20200

Trust: 0.6

db:CNNVDid:CNNVD-202003-131

Trust: 0.6

sources: CNVD: CNVD-2020-20200 // JVNDB: JVNDB-2019-014810 // CNNVD: CNNVD-202003-131 // NVD: CVE-2019-10587

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-10587

Trust: 2.0

url:https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10587

Trust: 0.8

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2020-31720

Trust: 0.6

sources: CNVD: CNVD-2020-20200 // JVNDB: JVNDB-2019-014810 // CNNVD: CNNVD-202003-131 // NVD: CVE-2019-10587

SOURCES

db:CNVDid:CNVD-2020-20200
db:JVNDBid:JVNDB-2019-014810
db:CNNVDid:CNNVD-202003-131
db:NVDid:CVE-2019-10587

LAST UPDATE DATE

2024-11-23T22:33:33.585000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-20200date:2020-03-30T00:00:00
db:JVNDBid:JVNDB-2019-014810date:2020-03-18T00:00:00
db:CNNVDid:CNNVD-202003-131date:2020-03-13T00:00:00
db:NVDid:CVE-2019-10587date:2024-11-21T04:19:30.947

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-20200date:2020-03-30T00:00:00
db:JVNDBid:JVNDB-2019-014810date:2020-03-18T00:00:00
db:CNNVDid:CNNVD-202003-131date:2020-03-03T00:00:00
db:NVDid:CVE-2019-10587date:2020-03-05T09:15:16