CVE-2019-14056

Name of the Vulnerable Software and Affected Versions: Snapdragon Auto (affected versions not specified) Snapdragon Compute (affected versions not specified) Snapdragon Consumer IOT (affected versions not specified) Snapdragon Industrial IOT (affected versions not specified) Snapdragon Mobile (affected versions not specified) Snapdragon Voice & Music (affected versions not specified) Snapdragon Wired Infrastructure and Networking (affected versions not specified) Kamorta (affected versions not specified) MDM9150 (affected versions not specified) MDM9205 (affected versions not specified) MDM9607 (affected versions not specified) MDM9650 (affected versions not specified) Nicobar (affected versions not specified) QCS404 (affected versions not specified) QCS405 (affected versions not specified) QCS605 (affected versions not specified) QCS610 (affected versions not specified) Rennell (affected versions not specified) SA6155P (affected versions not specified) SC7180 (affected versions not specified) SC8180X (affected versions not specified) SDA660 (affected versions not specified) SDA845 (affected versions not specified) SDM630 (affected versions not specified) SDM636 (affected versions not specified) SDM660 (affected versions not specified) SDM670 (affected versions not specified) SDM710 (affected versions not specified) SDM845 (affected versions not specified) SDM850 (affected versions not specified) SDX55 (affected versions not specified) SM6150 (affected versions not specified) SM7150 (affected versions not specified) SM8150 (affected versions not specified) SXR1130 (affected versions not specified) SXR2130 (affected versions not specified)

Description: The issue is related to a possible integer overflow in the API due to a lack of check on large oid range count in the cert extension field. This affects various Snapdragon products, including Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wired Infrastructure and Networking, as well as specific chipsets.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.