Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2018-11267

🗓️ 20 Sep 2018 13:00:00Reported by qualcommType 
cve
 cve🔗 web.nvd.nist.gov👁 47 Views🌐 WEB

CVE-2018-11267 in Snapdragon (Automobile, Mobile, Wear) MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, when sending malformed XML data to deviceprogrammer/firehose leading to out of bounds buffer write

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
Cvelist		CVE-2018-11267
20 Sep 201813:00
cvelist
EUVD		EUVD-2018-3307
7 Oct 202500:30
euvd
NVD		CVE-2018-11267
20 Sep 201813:29
nvd
Prion		Design/Logic Flaw
20 Sep 201813:29
prion
NVD
Node
qualcommmdm9206_firmwareMatch-
AND
qualcommmdm9206Match-
Node
qualcommmdm9607_firmwareMatch-
AND
qualcommmdm9607Match-
Node
qualcommmdm9615_firmwareMatch-
AND
qualcommmdm9615Match-
Node
qualcommmdm9640_firmwareMatch-
AND
qualcommmdm9640Match-
Node
qualcommmdm9650_firmwareMatch-
AND
qualcommmdm9650Match-
Node
qualcommmdm9655_firmwareMatch-
AND
qualcommmdm9655Match-
Node
qualcommmsm8996au_firmwareMatch-
AND
qualcommmsm8996auMatch-
Node
qualcommsd210_firmwareMatch-
AND
qualcommsd210Match-
Node
qualcommsd212_firmwareMatch-
AND
qualcommsd212Match-
Node
qualcommsd205_firmwareMatch-
AND
qualcommsd205Match-
Node
qualcommsd410_firmwareMatch-
AND
qualcommsd410Match-
Node
qualcommsd412_firmwareMatch-
AND
qualcommsd412Match-
Node
qualcommsd425_firmwareMatch-
AND
qualcommsd425Match-
Node
qualcommsd427_firmwareMatch-
AND
qualcommsd427Match-
Node
qualcommsd430_firmwareMatch-
AND
qualcommsd430Match-
Node
qualcommsd435_firmwareMatch-
AND
qualcommsd435Match-
Node
qualcommsd450_firmwareMatch-
AND
qualcommsd450Match-
Node
qualcommsd600_firmwareMatch-
AND
qualcommsd600Match-
Node
qualcommsd615_firmwareMatch-
AND
qualcommsd615Match-
Node
qualcommsd616_firmwareMatch-
AND
qualcommsd616Match-
Node
qualcommsd415_firmwareMatch-
AND
qualcommsd415Match-
Node
qualcommsd617_firmwareMatch-
AND
qualcommsd617Match-
Node
qualcommsd625_firmwareMatch-
AND
qualcommsd625Match-
Node
qualcommsd650_firmwareMatch-
AND
qualcommsd650Match-
Node
qualcommsd652_firmwareMatch-
AND
qualcommsd652Match-
Node
qualcommsd820_firmwareMatch-
AND
qualcommsd820Match-
Node
qualcommsd820a_firmwareMatch-
AND
qualcommsd820aMatch-
Node
qualcommsd835_firmwareMatch-
AND
qualcommsd835Match-
Node
qualcommsd845_firmwareMatch-
AND
qualcommsd845Match-
Node
qualcommsd850_firmwareMatch-
AND
qualcommsd850Match-
Node
qualcommsda660_firmwareMatch-
AND
qualcommsda660Match-
Node
qualcommsdm429_firmwareMatch-
AND
qualcommsdm429Match-
Node
qualcommsdm439_firmwareMatch-
AND
qualcommsdm439Match-
Node
qualcommsdm630_firmwareMatch-
AND
qualcommsdm630Match-
Node
qualcommsdm632_firmwareMatch-
AND
qualcommsdm632Match-
Node
qualcommsdm636_firmwareMatch-
AND
qualcommsdm636Match-
Node
qualcommsdm660_firmwareMatch-
AND
qualcommsdm660Match-
Node
qualcommsdx20_firmwareMatch-
AND
qualcommsdx20Match-
Node
qualcommsnapdragon_high_med_2016_firmwareMatch-
AND
qualcommsnapdragon_high_med_2016Match-
[
  {
    "product": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
XML datarequest body/deviceprogrammer/firehoseMalformed XML data to deviceprogrammer/firehose may cause an out-of-bounds buffer write that can fill a region of memory with 0x20.CWE-129

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 03:43Current
7.8High risk
Vulners AI Score7.8
CVSS 27.2
CVSS 37.8
EPSS0.00038
CWE-129
cvesnapdragonautomobilemobilewearmdmmsmsdnvdxmlbuffersecurity vulnerability
47