7.8

CVE-2019-14078

Out of bound memory access while processing qpay due to not validating length of the response buffer provided by User. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845

Data is provided by the National Vulnerability Database (NVD)
QualcommApq8009 Firmware Version-
   QualcommApq8009 Version-
QualcommApq8098 Firmware Version-
   QualcommApq8098 Version-
QualcommMsm8909 Firmware Version-
   QualcommMsm8909 Version-
QualcommMsm8998 Firmware Version-
   QualcommMsm8998 Version-
QualcommSda660 Firmware Version-
   QualcommSda660 Version-
QualcommSda845 Firmware Version-
   QualcommSda845 Version-
QualcommSdm630 Firmware Version-
   QualcommSdm630 Version-
QualcommSdm636 Firmware Version-
   QualcommSdm636 Version-
QualcommSdm660 Firmware Version-
   QualcommSdm660 Version-
QualcommSdm845 Firmware Version-
   QualcommSdm845 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.097
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.