PT-2019-8812 · Qualcomm · Snapdragon

Publicado

2019-02-11

Atualizado

2019-02-21

CVE-2018-11855

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM630, SDM660

Description The issue arises when an end user utilizes the SCP11 sample OCE code without modification, potentially leading to a buffer overflow when transmitting a CAPDU. This affects various Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, and Snapdragon Mobile.

Recommendations For versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM630, SDM660, modify the SCP11 sample OCE code to prevent buffer overflow when transmitting a CAPDU. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

CVE-2018-11855

Produtos afetados

Snapdragon

PT-2019-8812 · Qualcomm · Snapdragon

CVE-2018-11855

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2