CVE-2019-14038

EPSS 0.04%
Veröffentlicht 02.06.2020 15:15:10
Zuletzt bearbeitet 21.11.2024 04:25:57
Quelle product-security@qualcomm.com
Teams Watchlist Login
Unerledigt Login

Buffer over-read in ADSP parse function due to lack of check for availability of sufficient data payload received in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, QCS605, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM670, SDM710, SDM845, SDX20, SDX24

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qualcomm ≫ Apq8009 Firmware Version-

Qualcomm ≫ Apq8009 Version-

Qualcomm ≫ Apq8053 Firmware Version-

Qualcomm ≫ Apq8053 Version-

Qualcomm ≫ Apq8098 Firmware Version-

Qualcomm ≫ Apq8098 Version-

Qualcomm ≫ Mdm9206 Firmware Version-

Qualcomm ≫ Mdm9206 Version-

Qualcomm ≫ Mdm9207c Firmware Version-

Qualcomm ≫ Mdm9207c Version-

Qualcomm ≫ Mdm9607 Firmware Version-

Qualcomm ≫ Mdm9607 Version-

Qualcomm ≫ Mdm9640 Firmware Version-

Qualcomm ≫ Mdm9640 Version-

Qualcomm ≫ Mdm9650 Firmware Version-

Qualcomm ≫ Mdm9650 Version-

Qualcomm ≫ Msm8905 Firmware Version-

Qualcomm ≫ Msm8905 Version-

Qualcomm ≫ Msm8909w Firmware Version-

Qualcomm ≫ Msm8909w Version-

Qualcomm ≫ Msm8917 Firmware Version-

Qualcomm ≫ Msm8917 Version-

Qualcomm ≫ Msm8953 Firmware Version-

Qualcomm ≫ Msm8953 Version-

Qualcomm ≫ Qcs605 Firmware Version-

Qualcomm ≫ Qcs605 Version-

Qualcomm ≫ Sda660 Firmware Version-

Qualcomm ≫ Sda660 Version-

Qualcomm ≫ Sda845 Firmware Version-

Qualcomm ≫ Sda845 Version-

Qualcomm ≫ Sdm429 Firmware Version-

Qualcomm ≫ Sdm429 Version-

Qualcomm ≫ Sdm429w Firmware Version-

Qualcomm ≫ Sdm429w Version-

Qualcomm ≫ Sdm439 Firmware Version-

Qualcomm ≫ Sdm439 Version-

Qualcomm ≫ Sdm670 Firmware Version-

Qualcomm ≫ Sdm670 Version-

Qualcomm ≫ Sdm710 Firmware Version-

Qualcomm ≫ Sdm710 Version-

Qualcomm ≫ Sdm845 Firmware Version-

Qualcomm ≫ Sdm845 Version-

Qualcomm ≫ Sdx20 Firmware Version-

Qualcomm ≫ Sdx20 Version-

Qualcomm ≫ Sdx24 Firmware Version-

Qualcomm ≫ Sdx24 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.097

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:P/I:N/A:P

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-14038

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-14038

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-14038

EUVD