7.8
CVE-2019-10605
- EPSS 0.09%
- Published 18.12.2019 06:15:12
- Last modified 21.11.2024 04:19:33
- Source product-security@qualcomm.com
- Teams watchlist Login
- Open Login
Buffer overwrite can occur in IEEE80211 header filling function due to lack of range check of array index received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, IPQ8074, MDM9607, MDM9650, MSM8909, MSM8939, QCN7605, SDA660, SDM630, SDM636, SDM660, SDX20, SDX24
Data is provided by the National Vulnerability Database (NVD)
Qualcomm ≫ Apq8009 Firmware Version-
Qualcomm ≫ Apq8053 Firmware Version-
Qualcomm ≫ Ipq8074 Firmware Version-
Qualcomm ≫ Mdm9607 Firmware Version-
Qualcomm ≫ Mdm9650 Firmware Version-
Qualcomm ≫ Msm8909 Firmware Version-
Qualcomm ≫ Msm8939 Firmware Version-
Qualcomm ≫ Qcn7605 Firmware Version-
Qualcomm ≫ Sda660 Firmware Version-
Qualcomm ≫ Sdm630 Firmware Version-
Qualcomm ≫ Sdm636 Firmware Version-
Qualcomm ≫ Sdm660 Firmware Version-
Qualcomm ≫ Sdx20 Firmware Version-
Qualcomm ≫ Sdx24 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.238 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.