1. CVE-Search
  2. CVE-2019-14036
ID CVE-2019-14036
Summary Possible buffer overflow issue in error processing due to improper validation of array index value in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MDM9615, MDM9640, MSM8996AU, QCN7605
References
Vulnerable Configurations
  • cpe:2.3:o:qualcomm:apq8064_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:apq8064_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:apq8064:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:apq8064:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:ipq8064:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:ipq8064:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:ipq8074:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:ipq8074:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 24-01-2020 - 13:31)
Impact:
Exploitability:
CWE CWE-129
CAPEC
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
confirm https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin
Last major update 24-01-2020 - 13:31
Published 21-01-2020 - 07:15
Last modified 24-01-2020 - 13:31
Back to Top