Lucene search

[email protected]CVE-2019-2300

HistoryMar 05, 2020 - 9:15 a.m.

CVE-2019-2300

2020-03-0509:15:18

CWE-120

[email protected]

web.nvd.nist.gov

cve-2019-2300

buffer overflow

wlan handler

snapdragon auto

snapdragon compute

snapdragon connectivity

apq8009

apq8017

apq8053

apq8096

apq8098

ipq8074

mdm9206

mdm9207c

mdm9607

msm8996

msm8996au

msm8998

qca6174a

qca6574au

qca8081

qca9377

qca9379

qca9886

qcs605

sda660

sda845

sdm630

sdm636

sdm660

sdm670

sdm710

sdm845

sdm850

sm6150

sm7150

sm8150

sxr1130

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.5%

JSON

Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8996, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCA9886, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130

Affected configurations

NVD

Node

qualcommapq8009_firmwareMatch-

AND

qualcommapq8009Match-

Node

qualcommapq8017_firmwareMatch-

AND

qualcommapq8017Match-

Node

qualcommapq8053_firmwareMatch-

AND

qualcommapq8053Match-

Node

qualcommapq8096_firmwareMatch-

AND

qualcommapq8096Match-

Node

qualcommapq8098_firmwareMatch-

AND

qualcommapq8098Match-

Node

qualcommipq8074_firmwareMatch-

AND

qualcommipq8074Match-

Node

qualcommmdm9206_firmwareMatch-

AND

qualcommmdm9206Match-

Node

qualcommmdm9207c_firmwareMatch-

AND

qualcommmdm9207cMatch-

Node

qualcommmdm9607_firmwareMatch-

AND

qualcommmdm9607Match-

Node

qualcommmsm8996_firmwareMatch-

AND

qualcommmsm8996Match-

Node

qualcommmsm8996au_firmwareMatch-

AND

qualcommmsm8996auMatch-

Node

qualcommmsm8998_firmwareMatch-

AND

qualcommmsm8998Match-

Node

qualcommqca6174a_firmwareMatch-

AND

qualcommqca6174aMatch-

Node

qualcommqca6574au_firmwareMatch-

AND

qualcommqca6574auMatch-

Node

qualcommqca8081_firmwareMatch-

AND

qualcommqca8081Match-

Node

qualcommqca9377_firmwareMatch-

AND

qualcommqca9377Match-

Node

qualcommqca9379_firmwareMatch-

AND

qualcommqca9379Match-

Node

qualcommqca9886_firmwareMatch-

AND

qualcommqca9886Match-

Node

qualcommqcs605_firmwareMatch-

AND

qualcommqcs605Match-

Node

qualcommsda660_firmwareMatch-

AND

qualcommsda660Match-

Node

qualcommsda845_firmwareMatch-

AND

qualcommsda845Match-

Node

qualcommsdm630_firmwareMatch-

AND

qualcommsdm630Match-

Node

qualcommsdm636_firmwareMatch-

AND

qualcommsdm636Match-

Node

qualcommsdm660_firmwareMatch-

AND

qualcommsdm660Match-

Node

qualcommsdm670_firmwareMatch-

AND

qualcommsdm670Match-

Node

qualcommsdm710_firmwareMatch-

AND

qualcommsdm710Match-

Node

qualcommsdm845_firmwareMatch-

AND

qualcommsdm845Match-

Node

qualcommsdm850_firmwareMatch-

AND

qualcommsdm850Match-

Node

qualcommsm6150_firmwareMatch-

AND

qualcommsm6150Match-

Node

qualcommsm7150_firmwareMatch-

AND

qualcommsm7150Match-

Node

qualcommsm8150_firmwareMatch-

AND

qualcommsm8150Match-

Node

qualcommsxr1130_firmwareMatch-

AND

qualcommsxr1130Match-

CPENameOperatorVersion
qualcomm:apq8009_firmwarequalcomm apq8009 firmwareeq-

CPE	Name	Operator	Version
qualcomm:apq8009_firmware	qualcomm apq8009 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "APQ8009, APQ8017, APQ8053, APQ8096, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8996, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCA9886, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.5%

JSON

Related for CVE-2019-2300

prion1 nvd1 cvelist1