7.8

CVE-2019-14085

Possible Integer underflow in WLAN function due to lack of check of data received from user side in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCN7605, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130

Data is provided by the National Vulnerability Database (NVD)
QualcommQcn7605 Firmware Version-
   QualcommQcn7605 Version-
QualcommQcs605 Firmware Version-
   QualcommQcs605 Version-
QualcommSda845 Firmware Version-
   QualcommSda845 Version-
QualcommSdm670 Firmware Version-
   QualcommSdm670 Version-
QualcommSdm710 Firmware Version-
   QualcommSdm710 Version-
QualcommSdm845 Firmware Version-
   QualcommSdm845 Version-
QualcommSdm850 Firmware Version-
   QualcommSdm850 Version-
QualcommSm8150 Firmware Version-
   QualcommSm8150 Version-
QualcommSxr1130 Firmware Version-
   QualcommSxr1130 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.06
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.