Lucene search

[email protected]CVE-2018-11853

HistoryOct 26, 2018 - 1:29 p.m.

CVE-2018-11853

2018-10-2613:29:01

CWE-119

[email protected]

web.nvd.nist.gov

cve-2018-11853

lack of check

out of range

buffer overflow

snapdragon mobile

snapdragon wear

ipq8074

mdm9206

mdm9607

mdm9650

sd 425

sd 427

sd 430

sd 435

sd 450

sd 625

sd 650/52

sd 835

sd 845

sd 850

sda660

sdm429

sdm439

sdm630

sdm632

sdm636

sdm660

sdm710

snapdragon_high_med_2016

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Lack of check on out of range for channels When processing channel list set command will lead to buffer flow in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016

Affected configurations

NVD

Node

qualcommipq8074Match-

AND

qualcommipq8074_firmwareMatch-

Node

qualcommmdm9206Match-

AND

qualcommmdm9206_firmwareMatch-

Node

qualcommmdm9607Match-

AND

qualcommmdm9607_firmwareMatch-

Node

qualcommmdm9650Match-

AND

qualcommmdm9650_firmwareMatch-

Node

qualcommsd_425Match-

AND

qualcommsd_425_firmwareMatch-

Node

qualcommsd_427Match-

AND

qualcommsd_427_firmwareMatch-

Node

qualcommsd_430Match-

AND

qualcommsd_430_firmwareMatch-

Node

qualcommsd_435_firmwareMatch-

AND

qualcommsd_435Match-

Node

qualcommsd_450_firmwareMatch-

AND

qualcommsd_450Match-

Node

qualcommsd_625_firmwareMatch-

AND

qualcommsd_625Match-

Node

qualcommsd_650_firmwareMatch-

AND

qualcommsd_650Match-

Node

qualcommsd_652_firmwareMatch-

AND

qualcommsd_652Match-

Node

qualcommsd_835_firmwareMatch-

AND

qualcommsd_835Match-

Node

qualcommsd_845_firmwareMatch-

AND

qualcommsd_845Match-

Node

qualcommsd_850_firmwareMatch-

AND

qualcommsd_850Match-

Node

qualcommsda660_firmwareMatch-

AND

qualcommsda660Match-

Node

qualcommsdm429_firmwareMatch-

AND

qualcommsdm429Match-

Node

qualcommsdm439_firmwareMatch-

AND

qualcommsdm439Match-

Node

qualcommsdm630_firmwareMatch-

AND

qualcommsdm630Match-

Node

qualcommsdm632_firmwareMatch-

AND

qualcommsdm632Match-

Node

qualcommsdm636_firmwareMatch-

AND

qualcommsdm636Match-

Node

qualcommsdm660_firmwareMatch-

AND

qualcommsdm660Match-

Node

qualcommsdm710_firmwareMatch-

AND

qualcommsdm710Match-

CPENameOperatorVersion
qualcomm:ipq8074_firmwarequalcomm ipq8074 firmwareeq-

CPE	Name	Operator	Version
qualcomm:ipq8074_firmware	qualcomm ipq8074 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Mobile, Snapdragon Wear",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016"
      }
    ]
  }
]

References

www.securityfocus.com/bid/107681

www.qualcomm.com/company/product-security/bulletins

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2018-11853

cvelist1 prion1 nvd1