9.8

CVE-2018-11945

Improper input validation in wireless service messaging module for data received from broadcast messages can lead to heap overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QualcommMdm9150 Firmware Version-
   QualcommMdm9150 Version-
QualcommMdm9206 Firmware Version-
   QualcommMdm9206 Version-
QualcommMdm9607 Firmware Version-
   QualcommMdm9607 Version-
QualcommMdm9615 Firmware Version-
   QualcommMdm9615 Version-
QualcommMdm9625 Firmware Version-
   QualcommMdm9625 Version-
QualcommMdm9635m Firmware Version-
   QualcommMdm9635m Version-
QualcommMdm9640 Firmware Version-
   QualcommMdm9640 Version-
QualcommMdm9650 Firmware Version-
   QualcommMdm9650 Version-
QualcommMdm9655 Firmware Version-
   QualcommMdm9655 Version-
QualcommMsm8909w Firmware Version-
   QualcommMsm8909w Version-
QualcommMsm8996au Firmware Version-
   QualcommMsm8996au Version-
QualcommQcs605 Firmware Version-
   QualcommQcs605 Version-
QualcommSd 210 Firmware Version-
   QualcommSd 210 Version-
QualcommSd 212 Firmware Version-
   QualcommSd 212 Version-
QualcommSd 205 Firmware Version-
   QualcommSd 205 Version-
QualcommSd 410 Firmware Version-
   QualcommSd 410 Version-
QualcommSd 12 Firmware Version-
   QualcommSd 12 Version-
QualcommSd 425 Firmware Version-
   QualcommSd 425 Version-
QualcommSd 427 Firmware Version-
   QualcommSd 427 Version-
QualcommSd 430 Firmware Version-
   QualcommSd 430 Version-
QualcommSd 435 Firmware Version-
   QualcommSd 435 Version-
QualcommSd 439 Firmware Version-
   QualcommSd 439 Version-
QualcommSd 429 Firmware Version-
   QualcommSd 429 Version-
QualcommSd 450 Firmware Version-
   QualcommSd 450 Version-
QualcommSd 615 Firmware Version-
   QualcommSd 615 Version-
QualcommSd 16 Firmware Version-
   QualcommSd 16 Version-
QualcommSd 415 Firmware Version-
   QualcommSd 415 Version-
QualcommSd 625 Firmware Version-
   QualcommSd 625 Version-
QualcommSd 632 Firmware Version-
   QualcommSd 632 Version-
QualcommSd 636 Firmware Version-
   QualcommSd 636 Version-
QualcommSd 650 Firmware Version-
   QualcommSd 650 Version-
QualcommSd 52 Firmware Version-
   QualcommSd 52 Version-
QualcommSd 675 Firmware Version-
   QualcommSd 675 Version-
QualcommSd 712 Firmware Version-
   QualcommSd 712 Version-
QualcommSd 710 Firmware Version-
   QualcommSd 710 Version-
QualcommSd 670 Firmware Version-
   QualcommSd 670 Version-
QualcommSd 820 Firmware Version-
   QualcommSd 820 Version-
QualcommSd 820a Firmware Version-
   QualcommSd 820a Version-
QualcommSd 835 Firmware Version-
   QualcommSd 835 Version-
QualcommSd 845 Firmware Version-
   QualcommSd 845 Version-
QualcommSd 850 Firmware Version-
   QualcommSd 850 Version-
QualcommSd 855 Firmware Version-
   QualcommSd 855 Version-
QualcommSd 8cx Firmware Version-
   QualcommSd 8cx Version-
QualcommSda660 Firmware Version-
   QualcommSda660 Version-
QualcommSdm439 Firmware Version-
   QualcommSdm439 Version-
QualcommSdm630 Firmware Version-
   QualcommSdm630 Version-
QualcommSdm660 Firmware Version-
   QualcommSdm660 Version-
QualcommSdx20 Firmware Version-
   QualcommSdx20 Version-
QualcommSxr1130 Firmware Version-
   QualcommSxr1130 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.547
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securityfocus.com/bid/106845
Third Party Advisory
VDB Entry