CVE-2018-11849

EPSS 0.04%
Veröffentlicht 26.10.2018 13:29:01
Zuletzt bearbeitet 21.11.2024 03:44:07
Quelle product-security@qualcomm.com
Teams Watchlist Login
Unerledigt Login

Lack of check on out of range of bssid parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qualcomm ≫ Ipq8074 Firmware Version-

Qualcomm ≫ Ipq8074 Version-

Qualcomm ≫ Mdm9206 Firmware Version-

Qualcomm ≫ Mdm9206 Version-

Qualcomm ≫ Mdm9607 Firmware Version-

Qualcomm ≫ Mdm9607 Version-

Qualcomm ≫ Mdm9635m Firmware Version-

Qualcomm ≫ Mdm9635m Version-

Qualcomm ≫ Mdm9640 Firmware Version-

Qualcomm ≫ Mdm9640 Version-

Qualcomm ≫ Mdm9650 Firmware Version-

Qualcomm ≫ Mdm9650 Version-

Qualcomm ≫ Msm8996au Firmware Version-

Qualcomm ≫ Msm8996au Version-

Qualcomm ≫ Qca4531 Firmware Version-

Qualcomm ≫ Qca4531 Version-

Qualcomm ≫ Qca6174a Firmware Version-

Qualcomm ≫ Qca6174a Version-

Qualcomm ≫ Qca6564 Firmware Version-

Qualcomm ≫ Qca6564 Version-

Qualcomm ≫ Qca6574 Firmware Version-

Qualcomm ≫ Qca6574 Version-

Qualcomm ≫ Qca6574au Firmware Version-

Qualcomm ≫ Qca6574au Version-

Qualcomm ≫ Qca6584 Firmware Version-

Qualcomm ≫ Qca6584 Version-

Qualcomm ≫ Qca6584au Firmware Version-

Qualcomm ≫ Qca6584au Version-

Qualcomm ≫ Qca9377 Firmware Version-

Qualcomm ≫ Qca9377 Version-

Qualcomm ≫ Qca9378 Firmware Version-

Qualcomm ≫ Qca9378 Version-

Qualcomm ≫ Qca9379 Firmware Version-

Qualcomm ≫ Qca9379 Version-

Qualcomm ≫ Qca9886 Firmware Version-

Qualcomm ≫ Qca9886 Version-

Qualcomm ≫ Sd 210 Firmware Version-

Qualcomm ≫ Sd 210 Version-

Qualcomm ≫ Sd 212 Firmware Version-

Qualcomm ≫ Sd 212 Version-

Qualcomm ≫ Sd 205 Firmware Version-

Qualcomm ≫ Sd 205 Version-

Qualcomm ≫ Sd 425 Firmware Version-

Qualcomm ≫ Sd 425 Version-

Qualcomm ≫ Sd 427 Firmware Version-

Qualcomm ≫ Sd 427 Version-

Qualcomm ≫ Sd 430 Firmware Version-

Qualcomm ≫ Sd 430 Version-

Qualcomm ≫ Sd 435 Firmware Version-

Qualcomm ≫ Sd 435 Version-

Qualcomm ≫ Sd 450 Firmware Version-

Qualcomm ≫ Sd 450 Version-

Qualcomm ≫ Sd 600 Firmware Version-

Qualcomm ≫ Sd 600 Version-

Qualcomm ≫ Sd 625 Firmware Version-

Qualcomm ≫ Sd 625 Version-

Qualcomm ≫ Sd 650 Firmware Version-

Qualcomm ≫ Sd 650 Version-

Qualcomm ≫ Sd 652 Firmware Version-

Qualcomm ≫ Sd 652 Version-

Qualcomm ≫ Sd 810 Firmware Version-

Qualcomm ≫ Sd 810 Version-

Qualcomm ≫ Sd 820 Firmware Version-

Qualcomm ≫ Sd 820 Version-

Qualcomm ≫ Sd 820a Firmware Version-

Qualcomm ≫ Sd 820a Version-

Qualcomm ≫ Sd 835 Firmware Version-

Qualcomm ≫ Sd 835 Version-

Qualcomm ≫ Sd 845 Firmware Version-

Qualcomm ≫ Sd 845 Version-

Qualcomm ≫ Sd 850 Firmware Version-

Qualcomm ≫ Sd 850 Version-

Qualcomm ≫ Sda660 Firmware Version-

Qualcomm ≫ Sda660 Version-

Qualcomm ≫ Sdm630 Firmware Version-

Qualcomm ≫ Sdm630 Version-

Qualcomm ≫ Sdm632 Firmware Version-

Qualcomm ≫ Sdm632 Version-

Qualcomm ≫ Sdm636 Firmware Version-

Qualcomm ≫ Sdm636 Version-

Qualcomm ≫ Sdm660 Firmware Version-

Qualcomm ≫ Sdm660 Version-

Qualcomm ≫ Sdm710 Firmware Version-

Qualcomm ≫ Sdm710 Version-

Qualcomm ≫ Sdx20 Firmware Version-

Qualcomm ≫ Sdx20 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.08

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://www.qualcomm.com/company/product-security/bulletins

Vendor Advisory

http://www.securityfocus.com/bid/107681

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-11849

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-11849

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-11849

EUVD