2 matches found
CVE-2017-18070
In wmandpendresponseeventhandler, the variable lenendrsp is a uint32 which can be overflowed if the value of variable "event-numndpendrspperndilist" is very large which can then lead to a heap overwrite of the heap object endrsp in all Android releases from CAF Android for MSM, Firefox OS for MSM...
CVE-2017-18070
CVE-2017-18070 describes a vulnerability in Qualcomm WLAN on Android (CAF) where, in the function wma_ndp_end_response_event_handler() , the local variable len_end_rsp (uint32) can overflow if event->num_ndp_end_rsp_per_ndi_list is very large. This overflow can lead to a heap overwrite of the ...