CVE-2017-6421

EPSS 0.27%
Veröffentlicht 16.08.2017 15:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle product-security@qualcomm.com
CVE-Watchlists
Login
Unerledigt
Login

In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.472

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.8	6.5	6.4	AV:A/AC:L/Au:N/C:P/I:P/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

http://www.securitytracker.com/id/1038623

Third Party Advisory

VDB Entry

https://source.android.com/security/bulletin/2017-06-01

Patch

Vendor Advisory

https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=be42c7ff1f0396484882451fd18f47144c8f1b6b

Patch

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-6421

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-6421

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-6421

EUVD