CVE-2018-11898

EPSS 0.02%
Veröffentlicht 19.09.2018 14:29:01
Zuletzt bearbeitet 21.11.2024 03:44:13
Quelle product-security@qualcomm.com
CVE-Watchlists
Login
Unerledigt
Login

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing start bss request from upper layer, out of bounds read occurs if ssid length is greater than maximum.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.042

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin

Patch

Third Party Advisory

https://source.android.com/security/bulletin/2018-09-01#qualcomm-components

Patch

Vendor Advisory

https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dc657f502adb3038784b7488d2f183ed31b6aac3

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-11898

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-11898

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-11898

EUVD