PT-2018-10858 · Qualcomm · Snapdragon Mobile

Published

2018-10-29

Updated

2018-12-07

CVE-2018-11858

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Snapdragon Mobile versions SD 835 through SD 850

Description The issue arises from insufficient input validation of the IE length when processing IE set commands, potentially leading to buffer overwrite.

Recommendations For versions SD 835 through SD 850, update to a version that includes input validation for the IE length to prevent buffer overwrite. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2018-11858

Affected Products

Snapdragon Mobile

PT-2018-10858 · Qualcomm · Snapdragon Mobile

CVE-2018-11858

Weakness Enumeration

Related Identifiers

Affected Products

References · 2