PT-2018-10463 · Mozilla+2 · Firefox Os+2

Published 2018-09-18 · Updated 2018-11-09 · CVE-2018-11298

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Android for MSM (affected versions not specified)
Firefox OS for MSM (affected versions not specified)
QRD Android (affected versions not specified)

Description

The issue arises when the HDD processes the SET PASSPOINT LIST vendor command: it fails to ensure that the realm string passed by the upper layer is NULL-terminated. This oversight may lead to a buffer overflow, since strlen is used to determine the realm string length when constructing the PASSPOINT WMA command.

Recommendations

For Android for MSM, ensure that the realm string is properly NULL-terminated before processing the SET PASSPOINT LIST vendor command.
For Firefox OS for MSM, verify that the upper layer passes a NULL-terminated realm string to prevent the buffer overflow.
For QRD Android, consider implementing a check that the realm string is NULL-terminated before using strlen to construct the PASSPOINT WMA command.
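The check the recommendations call for, as an added example in C (not code from this entry or from the vendor's fix): the terminator is searched for only within the attribute's own length, and the realm is rejected if it is missing or does not fit. The names realm_copy_checked and passpoint_entry and the REALM_MAX value are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed capacity of the destination realm field (constructed value). */
#define REALM_MAX 256

/* Hypothetical destination record for one network entry. */
struct passpoint_entry {
    char realm[REALM_MAX];
};

/*
 * Copy a realm attribute received from the upper layer.
 * attr/attr_len describe the raw attribute payload; nothing guarantees
 * that it contains a terminator. Returns 0 on success, -1 on rejection.
 */
int realm_copy_checked(struct passpoint_entry *dst,
                       const uint8_t *attr, size_t attr_len)
{
    const uint8_t *nul;
    size_t len;

    if (dst == NULL || attr == NULL || attr_len == 0)
        return -1;

    /* Search for the terminator only inside the attribute payload. */
    nul = memchr(attr, '\0', attr_len);
    if (nul == NULL)
        return -1;      /* unterminated: strlen() would read past the payload */

    len = (size_t)(nul - attr);
    if (len + 1 > sizeof(dst->realm))
        return -1;      /* terminated, but too long for the field */

    memcpy(dst->realm, attr, len + 1);  /* copy includes the terminator */
    return 0;
}
```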

Fix

Buffer Overflow


Weakness Enumeration

Related identifiers

CVE-2018-11298

Affected products

Android
Firefox Os
Qrd Android