Lucene search

[email protected]CVE-2019-2307

HistoryJul 25, 2019 - 5:15 p.m.

CVE-2019-2307

2019-07-2517:15:13

CWE-191

CWE-125

[email protected]

web.nvd.nist.gov

cve-2019-2307

integer underflow

data length

802.11 rx management

snapdragon

nvd

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.3%

JSON

Possible integer underflow due to lack of validation before calculation of data length in 802.11 Rx management configuration in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24

Affected configurations

NVD

Node

qualcommmdm9150_firmwareMatch-

AND

qualcommmdm9150Match-

Node

qualcommmdm9206_firmwareMatch-

AND

qualcommmdm9206Match-

Node

qualcommmdm9607_firmwareMatch-

AND

qualcommmdm9607Match-

Node

qualcommmdm9640_firmwareMatch-

AND

qualcommmdm9640Match-

Node

qualcommmdm9650_firmwareMatch-

AND

qualcommmdm9650Match-

Node

qualcommmsm8996au_firmwareMatch-

AND

qualcommmsm8996auMatch-

Node

qualcommqca6174a_firmwareMatch-

AND

qualcommqca6174aMatch-

Node

qualcommqca6574au_firmwareMatch-

AND

qualcommqca6574auMatch-

Node

qualcommqca9377_firmwareMatch-

AND

qualcommqca9377Match-

Node

qualcommqca9379_firmwareMatch-

AND

qualcommqca9379Match-

Node

qualcommqcs405_firmwareMatch-

AND

qualcommqcs405Match-

Node

qualcommqcs605_firmwareMatch-

AND

qualcommqcs605Match-

Node

qualcommsd_210_firmwareMatch-

AND

qualcommsd_210Match-

Node

qualcommsd_212_firmwareMatch-

AND

qualcommsd_212Match-

Node

qualcommsd_205_firmwareMatch-

AND

qualcommsd_205Match-

Node

qualcommsd_425_firmwareMatch-

AND

qualcommsd_425Match-

Node

qualcommsd_427_firmwareMatch-

AND

qualcommsd_427Match-

Node

qualcommsd_430_firmwareMatch-

AND

qualcommsd_430Match-

Node

qualcommsd_435_firmwareMatch-

AND

qualcommsd_435Match-

Node

qualcommsd_450_firmwareMatch-

AND

qualcommsd_450Match-

Node

qualcommsd_600_firmwareMatch-

AND

qualcommsd_600Match-

Node

qualcommsd_625_firmwareMatch-

AND

qualcommsd_625Match-

Node

qualcommsd_636_firmwareMatch-

AND

qualcommsd_636Match-

Node

qualcommsd_665_firmwareMatch-

AND

qualcommsd_665Match-

Node

qualcommsd_675_firmwareMatch-

AND

qualcommsd_675Match-

Node

qualcommsd_712_firmwareMatch-

AND

qualcommsd_712Match-

Node

qualcommsd_710_firmwareMatch-

AND

qualcommsd_710Match-

Node

qualcommsd_670_firmwareMatch-

AND

qualcommsd_670Match-

Node

qualcommsd_730_firmwareMatch-

AND

qualcommsd_730Match-

Node

qualcommsd_820_firmwareMatch-

AND

qualcommsd_820Match-

Node

qualcommsd_820a_firmwareMatch-

AND

qualcommsd_820aMatch-

Node

qualcommsd_835_firmwareMatch-

AND

qualcommsd_835Match-

Node

qualcommsd_845_firmwareMatch-

AND

qualcommsd_845Match-

Node

qualcommsd_850_firmwareMatch-

AND

qualcommsd_850Match-

Node

qualcommsd_855_firmwareMatch-

AND

qualcommsd_855Match-

Node

qualcommsdm630_firmwareMatch-

AND

qualcommsdm630Match-

Node

qualcommsdm660_firmwareMatch-

AND

qualcommsdm660Match-

Node

qualcommsdx20_firmwareMatch-

AND

qualcommsdx20Match-

Node

qualcommsdx24_firmwareMatch-

AND

qualcommsdx24Match-

CPENameOperatorVersion
qualcomm:mdm9150_firmwarequalcomm mdm9150 firmwareeq-

CPE	Name	Operator	Version
qualcomm:mdm9150_firmware	qualcomm mdm9150 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24"
      }
    ]
  }
]

References

www.securityfocus.com/bid/109383

www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin

Social References

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.3%

JSON

Related for CVE-2019-2307

cvelist1 prion1 nvd1 thn1