CVE-2019-10499

EPSS 0.04%
Veröffentlicht 30.09.2019 16:15:10
Zuletzt bearbeitet 21.11.2024 04:19:17
Quelle product-security@qualcomm.com
Teams Watchlist Login
Unerledigt Login

Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, QCS405, SD 665, SD 675, SD 730, SD 855

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qualcomm ≫ Ipq4019 Firmware Version-

Qualcomm ≫ Ipq4019 Version-

Qualcomm ≫ Ipq8064 Firmware Version-

Qualcomm ≫ Ipq8064 Version-

Qualcomm ≫ Ipq8074 Firmware Version-

Qualcomm ≫ Ipq8074 Version-

Qualcomm ≫ Qcs405 Firmware Version-

Qualcomm ≫ Qcs405 Version-

Qualcomm ≫ Sd 665 Firmware Version-

Qualcomm ≫ Sd 665 Version-

Qualcomm ≫ Sd 675 Firmware Version-

Qualcomm ≫ Sd 675 Version-

Qualcomm ≫ Sd 730 Firmware Version-

Qualcomm ≫ Sd 730 Version-

Qualcomm ≫ Sd 855 Firmware Version-

Qualcomm ≫ Sd 855 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.067

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-10499

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-10499

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-10499

EUVD