CVE-2018-11902

EPSS 0.03%
Veröffentlicht 19.09.2018 14:29:01
Zuletzt bearbeitet 21.11.2024 03:44:13
Quelle product-security@qualcomm.com
CVE-Watchlists
Login
Unerledigt
Login

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to OOB access in WLAN HOST.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.08

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

http://www.securityfocus.com/bid/107770

Third Party Advisory

VDB Entry

https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin

Patch

Third Party Advisory

https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e6298b787b3510c295dd0c9276194b3578f3cf09

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-11902

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-11902

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-11902

EUVD