CVE-2015-9203

CVE-2015-9203 describes a buffer overread caused by missing input validation in playready_set_domainid on a wide range of Qualcomm Snapdragon platforms (Automobile, Mobile, Wear) and various Snapdragon SoCs. This affects Android versions up to the 2018-04-05 security patch level; the issue is doc...

CVE-2015-9204

CVE-2015-9204 describes a buffer overread in Android on Qualcomm Snapdragon mobile/wear platforms (various SD series) when cchFriendlyName exceeds TZ_PR_MAX_NAME_LEN in playready_leavedomain_generate_challenge(). The issue is triggered in affected Android versions prior to the 2018-04-05 security...

CVE-2015-9207

CVE-2015-9207 describes a buffer overread in playready_getadditional_responsedata due to insufficient input validation, affecting Android devices on Qualcomm Snapdragon Mobile and Snapdragon Wear (MSM8909W) and a range of Qualcomm SoCs (SD 210/212/205, 400, 410/12, 615/16/415, 617, 650/52, 800, 8...

CVE-2015-9170

CVE-2015-9170: In Android devices with Qualcomm Snapdragon components (Automobile, Mobile, Wear; including MDM9206/9650, MSM8909W, SD 210–212/205, SD 400/410/12, SD 425/430/450, SD 615/16/415, SD 617/625/650/52, SD 800/808/810/820/820A, SD 835/845/850), an incorrect offset check in wv_dash_core_r...

CVE-2015-9202

Technical details are not publicly available in the provided documents. Monitor for updates.

CVE-2015-9206

Technical details about CVE-2015-9206 are not publicly provided in the connected documents. The materials available here reiterate the issue description but do not specify affected products, root cause, impact, or remediation. Monitor for updates.

CVE-2015-9211

CVE-2015-9211 describes a buffer overread in the PlayReady module affecting Android devices with Qualcomm Snapdragon ranges (Automobile, Mobile, Wear) prior to the 2018-04-05 patch level. The issue occurs when a large PlayReady message is processed, potentially impacting confidentiality, integrit...

CVE-2015-9212

The CVE-2015-9212 issue affects Qualcomm Snapdragon platforms (Mobile and Wear MSM8909W; SD 210/212/205; SD 400; SD 410/12; SD 800). Root cause: lack of input validation while processing TZ_PR_CMD_SAVE_KEY leads to a buffer overread. Impact is described as high across confidentiality, integrity, ...

CVE-2015-9164

The CVE-2015-9164 issue is a buffer overread in Playready caused by insufficient input validation of the buffer size provided by the HLOS, affecting multiple Qualcomm-based Android devices (e.g., Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear MSM8909W and various SD versions). The prac...

UBUNTU-CVE-2018-9989

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in sslparseserverpskhint that could cause a crash on invalid input...

UBUNTU-CVE-2018-9988

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in sslparseserverkeyexchange that could cause a crash on invalid input...

kernel: Buffer over-read in keyring subsystem allows exposing potentially sensitive information to local attacker

A flaw has been identified in the Linux kernel's implementation of validmasterdesc in which a memory buffer would be compared to a userspace value with an incorrect size of comparison. By bruteforcing the comparison, an attacker could determine what was in memory after the description and possibl...

tcpdump: Buffer over-read in print-bgp.c:bgp_attr_print() in BGP parser

The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgpattrprint...

tcpdump: Buffer over-read in print-bootp.c:bootp_print() in BOOTP parser

The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootpprint...

tcpdump: Buffer over-read in print-aodv.c:aodv_extension() in AODV parser

The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodvextension...

tcpdump: Buffer over-read in print-rsvp.c:rsvp_obj_print() in RSVP parser

The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvpobjprint...

tcpdump: Buffer over-read in print-isakmp.c, several functions in IKEv2 parser

The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions...

tcpdump: Buffer over-read in print-telnet.c:telnet_parse() in telnet parser

The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnetparse...

tcpdump: Buffer over-read in print-decnet.c:decnet_print() in DECnet parser

The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnetprint...

tcpdump: Buffer over-read in print-isakmp.c:ikev1_id_print() in IKEv1 parser

The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1idprint...