7.8

CVE-2018-11267

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, when sending an malformed XML data to deviceprogrammer/firehose it may do an out of bounds buffer write allowing a region of memory to be filled with 0x20.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QualcommMdm9206 Firmware Version-
   QualcommMdm9206 Version-
QualcommMdm9607 Firmware Version-
   QualcommMdm9607 Version-
QualcommMdm9615 Firmware Version-
   QualcommMdm9615 Version-
QualcommMdm9640 Firmware Version-
   QualcommMdm9640 Version-
QualcommMdm9650 Firmware Version-
   QualcommMdm9650 Version-
QualcommMdm9655 Firmware Version-
   QualcommMdm9655 Version-
QualcommMsm8996au Firmware Version-
   QualcommMsm8996au Version-
QualcommSd210 Firmware Version-
   QualcommSd210 Version-
QualcommSd212 Firmware Version-
   QualcommSd212 Version-
QualcommSd205 Firmware Version-
   QualcommSd205 Version-
QualcommSd410 Firmware Version-
   QualcommSd410 Version-
QualcommSd412 Firmware Version-
   QualcommSd412 Version-
QualcommSd425 Firmware Version-
   QualcommSd425 Version-
QualcommSd427 Firmware Version-
   QualcommSd427 Version-
QualcommSd430 Firmware Version-
   QualcommSd430 Version-
QualcommSd435 Firmware Version-
   QualcommSd435 Version-
QualcommSd450 Firmware Version-
   QualcommSd450 Version-
QualcommSd600 Firmware Version-
   QualcommSd600 Version-
QualcommSd615 Firmware Version-
   QualcommSd615 Version-
QualcommSd616 Firmware Version-
   QualcommSd616 Version-
QualcommSd415 Firmware Version-
   QualcommSd415 Version-
QualcommSd617 Firmware Version-
   QualcommSd617 Version-
QualcommSd625 Firmware Version-
   QualcommSd625 Version-
QualcommSd650 Firmware Version-
   QualcommSd650 Version-
QualcommSd652 Firmware Version-
   QualcommSd652 Version-
QualcommSd820 Firmware Version-
   QualcommSd820 Version-
QualcommSd820a Firmware Version-
   QualcommSd820a Version-
QualcommSd835 Firmware Version-
   QualcommSd835 Version-
QualcommSd845 Firmware Version-
   QualcommSd845 Version-
QualcommSd850 Firmware Version-
   QualcommSd850 Version-
QualcommSda660 Firmware Version-
   QualcommSda660 Version-
QualcommSdm429 Firmware Version-
   QualcommSdm429 Version-
QualcommSdm439 Firmware Version-
   QualcommSdm439 Version-
QualcommSdm630 Firmware Version-
   QualcommSdm630 Version-
QualcommSdm632 Firmware Version-
   QualcommSdm632 Version-
QualcommSdm636 Firmware Version-
   QualcommSdm636 Version-
QualcommSdm660 Firmware Version-
   QualcommSdm660 Version-
QualcommSdx20 Firmware Version-
   QualcommSdx20 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.08
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

http://www.securityfocus.com/bid/106128
Third Party Advisory
VDB Entry