CVE-2018-11849

26.10.2018, 13:29

Lack of check on out of range of bssid parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
qualcomm	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Vendor	Product	Version
qualcomm	ipq8074_firmware	-
qualcomm	mdm9206_firmware	-
qualcomm	mdm9607_firmware	-
qualcomm	mdm9635m_firmware	-
qualcomm	mdm9640_firmware	-
qualcomm	mdm9650_firmware	-
qualcomm	msm8996au_firmware	-
qualcomm	qca4531_firmware	-
qualcomm	qca6174a_firmware	-
qualcomm	qca6564_firmware	-
qualcomm	qca6574_firmware	-
qualcomm	qca6574au_firmware	-
qualcomm	qca6584_firmware	-
qualcomm	qca6584au_firmware	-
qualcomm	qca9377_firmware	-
qualcomm	qca9378_firmware	-
qualcomm	qca9379_firmware	-
qualcomm	qca9886_firmware	-
qualcomm	sd_210_firmware	-
qualcomm	sd_212_firmware	-
qualcomm	sd_205_firmware	-
qualcomm	sd_425_firmware	-
qualcomm	sd_427_firmware	-
qualcomm	sd_430_firmware	-
qualcomm	sd_435_firmware	-
qualcomm	sd_450_firmware	-
qualcomm	sd_600_firmware	-
qualcomm	sd_625_firmware	-
qualcomm	sd_650_firmware	-
qualcomm	sd_652_firmware	-
qualcomm	sd_810_firmware	-
qualcomm	sd_820_firmware	-
qualcomm	sd_820a_firmware	-
qualcomm	sd_835_firmware	-
qualcomm	sd_845_firmware	-
qualcomm	sd_850_firmware	-
qualcomm	sda660_firmware	-
qualcomm	sdm630_firmware	-
qualcomm	sdm632_firmware	-
qualcomm	sdm636_firmware	-
qualcomm	sdm660_firmware	-
qualcomm	sdm710_firmware	-
qualcomm	sdx20_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://www.securityfocus.com/bid/107681

https://www.qualcomm.com/company/product-security/bulletins

http://www.securityfocus.com/bid/107681

https://www.qualcomm.com/company/product-security/bulletins