TROYANOSYVIRUS
Retour aux CVEs

CVE-2019-10542

CRITICAL
9.8

Description

Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t match the contents in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SDX20

Details CVE

Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie11/6/2019
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0

Produits affectes

qualcomm:mdm9150qualcomm:mdm9150_firmwarequalcomm:mdm9206qualcomm:mdm9206_firmwarequalcomm:mdm9607qualcomm:mdm9607_firmwarequalcomm:mdm9615qualcomm:mdm9615_firmwarequalcomm:mdm9640qualcomm:mdm9640_firmwarequalcomm:mdm9650qualcomm:mdm9650_firmwarequalcomm:msm8996auqualcomm:msm8996au_firmwarequalcomm:qca6174aqualcomm:qca6174a_firmwarequalcomm:qca6574auqualcomm:qca6574au_firmwarequalcomm:qca9377qualcomm:qca9377_firmwarequalcomm:qca9379qualcomm:qca9379_firmwarequalcomm:sd_205qualcomm:sd_205_firmwarequalcomm:sd_210qualcomm:sd_210_firmwarequalcomm:sd_212qualcomm:sd_212_firmwarequalcomm:sd_425qualcomm:sd_425_firmwarequalcomm:sd_427qualcomm:sd_427_firmwarequalcomm:sd_430qualcomm:sd_430_firmwarequalcomm:sd_435qualcomm:sd_435_firmwarequalcomm:sd_450qualcomm:sd_450_firmwarequalcomm:sd_600qualcomm:sd_600_firmwarequalcomm:sd_625qualcomm:sd_625_firmwarequalcomm:sd_670qualcomm:sd_670_firmwarequalcomm:sd_710qualcomm:sd_710_firmwarequalcomm:sd_712qualcomm:sd_712_firmwarequalcomm:sd_820qualcomm:sd_820_firmwarequalcomm:sd_820aqualcomm:sd_820a_firmwarequalcomm:sd_845qualcomm:sd_845_firmwarequalcomm:sd_850qualcomm:sd_850_firmwarequalcomm:sdx20qualcomm:sdx20_firmware

Faiblesses (CWE)

CWE-125

References

https://source.android.com/security/bulletin/(product-security@qualcomm.com)
https://source.android.com/security/bulletin/(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.