CVE-2019-2300

EPSS 0.36%
Veröffentlicht 05.03.2020 09:15:18
Zuletzt bearbeitet 21.11.2024 04:40:39
Quelle product-security@qualcomm.com
Teams Watchlist Login
Unerledigt Login

Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8996, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCA9886, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qualcomm ≫ Apq8009 Firmware Version-

Qualcomm ≫ Apq8009 Version-

Qualcomm ≫ Apq8017 Firmware Version-

Qualcomm ≫ Apq8017 Version-

Qualcomm ≫ Apq8053 Firmware Version-

Qualcomm ≫ Apq8053 Version-

Qualcomm ≫ Apq8096 Firmware Version-

Qualcomm ≫ Apq8096 Version-

Qualcomm ≫ Apq8098 Firmware Version-

Qualcomm ≫ Apq8098 Version-

Qualcomm ≫ Ipq8074 Firmware Version-

Qualcomm ≫ Ipq8074 Version-

Qualcomm ≫ Mdm9206 Firmware Version-

Qualcomm ≫ Mdm9206 Version-

Qualcomm ≫ Mdm9207c Firmware Version-

Qualcomm ≫ Mdm9207c Version-

Qualcomm ≫ Mdm9607 Firmware Version-

Qualcomm ≫ Mdm9607 Version-

Qualcomm ≫ Msm8996 Firmware Version-

Qualcomm ≫ Msm8996 Version-

Qualcomm ≫ Msm8996au Firmware Version-

Qualcomm ≫ Msm8996au Version-

Qualcomm ≫ Msm8998 Firmware Version-

Qualcomm ≫ Msm8998 Version-

Qualcomm ≫ Qca6174a Firmware Version-

Qualcomm ≫ Qca6174a Version-

Qualcomm ≫ Qca6574au Firmware Version-

Qualcomm ≫ Qca6574au Version-

Qualcomm ≫ Qca8081 Firmware Version-

Qualcomm ≫ Qca8081 Version-

Qualcomm ≫ Qca9377 Firmware Version-

Qualcomm ≫ Qca9377 Version-

Qualcomm ≫ Qca9379 Firmware Version-

Qualcomm ≫ Qca9379 Version-

Qualcomm ≫ Qca9886 Firmware Version-

Qualcomm ≫ Qca9886 Version-

Qualcomm ≫ Qcs605 Firmware Version-

Qualcomm ≫ Qcs605 Version-

Qualcomm ≫ Sda660 Firmware Version-

Qualcomm ≫ Sda660 Version-

Qualcomm ≫ Sda845 Firmware Version-

Qualcomm ≫ Sda845 Version-

Qualcomm ≫ Sdm630 Firmware Version-

Qualcomm ≫ Sdm630 Version-

Qualcomm ≫ Sdm636 Firmware Version-

Qualcomm ≫ Sdm636 Version-

Qualcomm ≫ Sdm660 Firmware Version-

Qualcomm ≫ Sdm660 Version-

Qualcomm ≫ Sdm670 Firmware Version-

Qualcomm ≫ Sdm670 Version-

Qualcomm ≫ Sdm710 Firmware Version-

Qualcomm ≫ Sdm710 Version-

Qualcomm ≫ Sdm845 Firmware Version-

Qualcomm ≫ Sdm845 Version-

Qualcomm ≫ Sdm850 Firmware Version-

Qualcomm ≫ Sdm850 Version-

Qualcomm ≫ Sm6150 Firmware Version-

Qualcomm ≫ Sm6150 Version-

Qualcomm ≫ Sm7150 Firmware Version-

Qualcomm ≫ Sm7150 Version-

Qualcomm ≫ Sm8150 Firmware Version-

Qualcomm ≫ Sm8150 Version-

Qualcomm ≫ Sxr1130 Firmware Version-

Qualcomm ≫ Sxr1130 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.549

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-2300

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-2300

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-2300

EUVD