8.8

CVE-2018-11982

EPSS 0.08%
Veröffentlicht 20.09.2018 13:29:02
Zuletzt bearbeitet 21.11.2024 03:44:21
Quelle product-security@qualcomm.com
Teams Watchlist Login
Unerledigt Login

In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qualcomm ≫ Mdm9206 Firmware Version-

Qualcomm ≫ Mdm9206 Version-

Qualcomm ≫ Mdm9607 Firmware Version-

Qualcomm ≫ Mdm9607 Version-

Qualcomm ≫ Mdm9635m Firmware Version-

Qualcomm ≫ Mdm9635m Version-

Qualcomm ≫ Mdm9640 Firmware Version-

Qualcomm ≫ Mdm9640 Version-

Qualcomm ≫ Mdm9645 Firmware Version-

Qualcomm ≫ Mdm9645 Version-

Qualcomm ≫ Mdm9655 Firmware Version-

Qualcomm ≫ Mdm9655 Version-

Qualcomm ≫ Msm8909w Firmware Version-

Qualcomm ≫ Msm8909w Version-

Qualcomm ≫ Msm8996au Firmware Version-

Qualcomm ≫ Msm8996au Version-

Qualcomm ≫ Sd210 Firmware Version-

Qualcomm ≫ Sd210 Version-

Qualcomm ≫ Sd212 Firmware Version-

Qualcomm ≫ Sd212 Version-

Qualcomm ≫ Sd205 Firmware Version-

Qualcomm ≫ Sd205 Version-

Qualcomm ≫ Sd410 Firmware Version-

Qualcomm ≫ Sd410 Version-

Qualcomm ≫ Sd412 Firmware Version-

Qualcomm ≫ Sd412 Version-

Qualcomm ≫ Sd425 Firmware Version-

Qualcomm ≫ Sd425 Version-

Qualcomm ≫ Sd427 Firmware Version-

Qualcomm ≫ Sd427 Version-

Qualcomm ≫ Sd430 Firmware Version-

Qualcomm ≫ Sd430 Version-

Qualcomm ≫ Sd435 Firmware Version-

Qualcomm ≫ Sd435 Version-

Qualcomm ≫ Sd450 Firmware Version-

Qualcomm ≫ Sd450 Version-

Qualcomm ≫ Sd615 Firmware Version-

Qualcomm ≫ Sd615 Version-

Qualcomm ≫ Sd616 Firmware Version-

Qualcomm ≫ Sd616 Version-

Qualcomm ≫ Sd415 Firmware Version-

Qualcomm ≫ Sd415 Version-

Qualcomm ≫ Sd617 Firmware Version-

Qualcomm ≫ Sd617 Version-

Qualcomm ≫ Sd625 Firmware Version-

Qualcomm ≫ Sd625 Version-

Qualcomm ≫ Sd650 Firmware Version-

Qualcomm ≫ Sd650 Version-

Qualcomm ≫ Sd652 Firmware Version-

Qualcomm ≫ Sd652 Version-

Qualcomm ≫ Sd810 Firmware Version-

Qualcomm ≫ Sd810 Version-

Qualcomm ≫ Sd820 Firmware Version-

Qualcomm ≫ Sd820 Version-

Qualcomm ≫ Sd835 Firmware Version-

Qualcomm ≫ Sd835 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.208

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	8.3	6.5	10	AV:A/AC:L/Au:N/C:C/I:C/A:C

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

https://www.qualcomm.com/company/product-security/bulletins

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-11982

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-11982

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-11982

EUVD