CVE-2019-14062

Name of the Vulnerable Software and Affected Versions: Snapdragon Auto (affected versions not specified) Snapdragon Compute (affected versions not specified) Snapdragon Consumer IOT (affected versions not specified) Snapdragon Industrial IOT (affected versions not specified) Snapdragon IoT (affected versions not specified) Snapdragon Mobile (affected versions not specified) Snapdragon Voice & Music (affected versions not specified) Snapdragon Wearables (affected versions not specified) APQ8009 (affected versions not specified) APQ8017 (affected versions not specified) APQ8053 (affected versions not specified) APQ8076 (affected versions not specified) APQ8096 (affected versions not specified) APQ8096AU (affected versions not specified) APQ8098 (affected versions not specified) Kamorta (affected versions not specified) MDM9150 (affected versions not specified) MDM9205 (affected versions not specified) MDM9206 (affected versions not specified) MDM9207C (affected versions not specified) MDM9607 (affected versions not specified) MDM9625 (affected versions not specified) MDM9635M (affected versions not specified) MDM9640 (affected versions not specified) MDM9645 (affected versions not specified) MDM9650 (affected versions not specified) MDM9655 (affected versions not specified) MSM8905 (affected versions not specified) MSM8909 (affected versions not specified) MSM8909W (affected versions not specified) MSM8917 (affected versions not specified) MSM8920 (affected versions not specified) MSM8937 (affected versions not specified) MSM8940 (affected versions not specified) MSM8953 (affected versions not specified) MSM8996AU (affected versions not specified) MSM8998 (affected versions not specified) Nicobar (affected versions not specified) QCM2150 (affected versions not specified) QCS605 (affected versions not specified) QM215 (affected versions not specified) Rennell (affected versions not specified) SA415M (affected versions not specified) SC7180 (affected versions not specified) SC8180X (affected versions not specified) SDA660 (affected versions not specified) SDA845 (affected versions not specified) SDM429 (affected versions not specified) SDM429W (affected versions not specified) SDM439 (affected versions not specified) SDM450 (affected versions not specified) SDM630 (affected versions not specified) SDM632 (affected versions not specified) SDM636 (affected versions not specified) SDM660 (affected versions not specified) SDM670 (affected versions not specified) SDM710 (affected versions not specified) SDM845 (affected versions not specified) SDM850 (affected versions not specified) SDX20 (affected versions not specified) SDX24 (affected versions not specified) SM6150 (affected versions not specified) SM7150 (affected versions not specified) SM8150 (affected versions not specified) SXR1130 (affected versions not specified)

Description: Buffer overflows occur while decoding setup messages from the network due to a lack of check of IE message length received from the network. This issue affects various Snapdragon products, including Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, and Wearables, as well as multiple chipsets.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.