PT-2019-8267 · Qualcomm · Snapdragon Automobile+2
Publicado
2019-05-06
·
Atualizado
2019-05-07
·
CVE-2017-18274
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Snapdragon Automobile versions MDM9206
Snapdragon Mobile versions MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835
Snapdragon Wear versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835
Description
A buffer overflow issue occurs in the actData structure due to an incorrect number of models stored, which is greater than the size of the array. This happens while iterating through the models contained in a fixed-size array.
Recommendations
For Snapdragon Automobile version MDM9206, update the actData structure to store the correct number of models.
For Snapdragon Mobile versions MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, update the actData structure to store the correct number of models.
For Snapdragon Wear versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, update the actData structure to store the correct number of models.
Correção
Improper Validation of Array Index
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Snapdragon Automobile
Snapdragon Mobile
Snapdragon Wear