CVE-2019-10587

Name of the Vulnerable Software and Affected Versions Snapdragon Auto versions APQ8009 through SXR1130 Snapdragon Compute versions APQ8009 through SXR1130 Snapdragon Consumer IOT versions APQ8009 through SXR1130 Snapdragon Industrial IOT versions APQ8009 through SXR1130 Snapdragon IoT versions APQ8009 through SXR1130 Snapdragon Mobile versions APQ8009 through SXR1130 Snapdragon Voice & Music versions APQ8009 through SXR1130 Snapdragon Wearables versions APQ8009 through SXR1130

Description A possible stack overflow can occur when processing a large SDP body or non-standard SDP body without right delimiters. This issue affects various Snapdragon products.

Recommendations As a temporary workaround, consider disabling the processing of large SDP bodies or non-standard SDP bodies without right delimiters until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the SDP body parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.