PT-2018-17237 · Qualcomm · Snapdragon Mobile+1

Published

2018-11-28

Updated

2018-12-26

CVE-2018-5917

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Snapdragon Automobile versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130 Snapdragon Mobile versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130

Description: The issue is related to a possible buffer overflow in an OEM crypto function due to improper input validation.

Recommendations: For Snapdragon Automobile and Snapdragon Mobile versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2018-5917

Affected Products

Snapdragon Automobile

Snapdragon Mobile

PT-2018-17237 · Qualcomm · Snapdragon Mobile+1

CVE-2018-5917

Weakness Enumeration

Related Identifiers

Affected Products

References · 3