9.8

CVE-2016-10412

In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Mobile, and Snapdragon Wear FSM9055, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, an integer overflow leading to buffer overflow can potentially occur in a memory API function.

Data is provided by the National Vulnerability Database (NVD)
QualcommMdm9206 Firmware Version-
   QualcommMdm9206 Version-
QualcommMdm9607 Firmware Version-
   QualcommMdm9607 Version-
QualcommMdm9615 Firmware Version-
   QualcommMdm9615 Version-
QualcommFsm9055 Firmware Version-
   QualcommFsm9055 Version-
QualcommMdm9635m Firmware Version-
   QualcommMdm9635m Version-
QualcommMdm9640 Firmware Version-
   QualcommMdm9640 Version-
QualcommMdm9650 Firmware Version-
   QualcommMdm9650 Version-
QualcommMsm8909w Firmware Version-
   QualcommMsm8909w Version-
QualcommSd 210 Firmware Version-
   QualcommSd 210 Version-
QualcommSd 212 Firmware Version-
   QualcommSd 212 Version-
QualcommSd 205 Firmware Version-
   QualcommSd 205 Version-
QualcommSd 400 Firmware Version-
   QualcommSd 400 Version-
QualcommSd 410 Firmware Version-
   QualcommSd 410 Version-
QualcommSd 412 Firmware Version-
   QualcommSd 412 Version-
QualcommSd 425 Firmware Version-
   QualcommSd 425 Version-
QualcommSd 430 Firmware Version-
   QualcommSd 430 Version-
QualcommSd 450 Firmware Version-
   QualcommSd 450 Version-
QualcommSd 615 Firmware Version-
   QualcommSd 615 Version-
QualcommSd 616 Firmware Version-
   QualcommSd 616 Version-
QualcommSd 415 Firmware Version-
   QualcommSd 415 Version-
QualcommSd 617 Firmware Version-
   QualcommSd 617 Version-
QualcommSd 625 Firmware Version-
   QualcommSd 625 Version-
QualcommSd 650 Firmware Version-
   QualcommSd 650 Version-
QualcommSd 652 Firmware Version-
   QualcommSd 652 Version-
QualcommSd 800 Firmware Version-
   QualcommSd 800 Version-
QualcommSd 808 Firmware Version-
   QualcommSd 808 Version-
QualcommSd 810 Firmware Version-
   QualcommSd 810 Version-
QualcommSd 820 Firmware Version-
   QualcommSd 820 Version-
QualcommSd 835 Firmware Version-
   QualcommSd 835 Version-
QualcommSdx20 Firmware Version-
   QualcommSdx20 Version-
QualcommSd 600 Firmware Version-
   QualcommSd 600 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.35% 0.547
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

http://www.securityfocus.com/bid/103671
Third Party Advisory
VDB Entry