var-201807-0290
Vulnerability from variot
While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault. Snapdragon Automobile and Snapdragon Mobile Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MSM8996AU, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) for different platforms. Security flaws exist in several Qualcomm products. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0290",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "msm8996au",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 625",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 820",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 835",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 820a",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 450",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "msm8996au",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 450",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 625",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 820",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 820a",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 835",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014044"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1138"
},
{
"db": "NVD",
"id": "CVE-2017-18155"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:qualcomm:msm8996au_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_450_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_625_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_820_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_820a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_835_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014044"
}
]
},
"cve": "CVE-2017-18155",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-18155",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-109249",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-18155",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-18155",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-18155",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1138",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-109249",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-18155",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109249"
},
{
"db": "VULMON",
"id": "CVE-2017-18155"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014044"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1138"
},
{
"db": "NVD",
"id": "CVE-2017-18155"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault. Snapdragon Automobile and Snapdragon Mobile Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MSM8996AU, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) for different platforms. Security flaws exist in several Qualcomm products. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18155"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014044"
},
{
"db": "VULHUB",
"id": "VHN-109249"
},
{
"db": "VULMON",
"id": "CVE-2017-18155"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18155",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014044",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1138",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-109249",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-18155",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109249"
},
{
"db": "VULMON",
"id": "CVE-2017-18155"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014044"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1138"
},
{
"db": "NVD",
"id": "CVE-2017-18155"
}
]
},
"id": "VAR-201807-0290",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-109249"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:12:06.172000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "August 2018 Qualcomm Technologies, Inc. Security Bulletin",
"trust": 0.8,
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"title": "Android Security Bulletins: Android Security Bulletin\u2014June 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=cc496c56e2bf669809bfb568f59af8e1"
},
{
"title": "SamsungReleaseNotes",
"trust": 0.1,
"url": "https://github.com/samreleasenotes/SamsungReleaseNotes "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/google-patches-11-critical-android-bugs-in-june-update/132512/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18155"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014044"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109249"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014044"
},
{
"db": "NVD",
"id": "CVE-2017-18155"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://source.android.com/security/bulletin/2018-06-01#qualcomm-components"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18155"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18155"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/google-patches-11-critical-android-bugs-in-june-update/132512/"
},
{
"trust": 0.1,
"url": "https://source.android.com/security/bulletin/2018-06-01.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109249"
},
{
"db": "VULMON",
"id": "CVE-2017-18155"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014044"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1138"
},
{
"db": "NVD",
"id": "CVE-2017-18155"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-109249"
},
{
"db": "VULMON",
"id": "CVE-2017-18155"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014044"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1138"
},
{
"db": "NVD",
"id": "CVE-2017-18155"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-109249"
},
{
"date": "2018-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18155"
},
{
"date": "2018-10-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014044"
},
{
"date": "2018-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1138"
},
{
"date": "2018-07-12T14:29:00.210000",
"db": "NVD",
"id": "CVE-2017-18155"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-109249"
},
{
"date": "2018-09-10T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18155"
},
{
"date": "2018-10-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014044"
},
{
"date": "2018-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1138"
},
{
"date": "2024-11-21T03:19:27.690000",
"db": "NVD",
"id": "CVE-2017-18155"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1138"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Snapdragon Automobile and Snapdragon Mobile Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014044"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1138"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…