var-201810-0062
Vulnerability from variot
Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 . Snapdragon Automobile , Snapdragon Mobile , Snapdragon Wear Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 is a central processing unit (CPU) product of Qualcomm (Qualcomm). There are security vulnerabilities in Broadcast in several Qualcomm Snapdragon products. The vulnerability is caused by SDMX API not performing input validation. An attacker could exploit this vulnerability to cause a denial of service (null pointer backreference)
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "sda660",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 810",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 835",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 845",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 412",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 410",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 430",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 617",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 425",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 850",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "msm8996au",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 415",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 205",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 212",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 650",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 652",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 820a",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9607",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 615",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9650",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9206",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 820",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 450",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 616",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 210",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 625",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9206",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "msm8996au",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 205",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 820a",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sda 660",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014316"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1159"
},
{
"db": "NVD",
"id": "CVE-2017-18298"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:qualcomm:mdm9206_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:msm8996au_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_205_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_820a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sda_660_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014316"
}
]
},
"cve": "CVE-2017-18298",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-18298",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-109406",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-18298",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-18298",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-18298",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1159",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-109406",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-18298",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109406"
},
{
"db": "VULMON",
"id": "CVE-2017-18298"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014316"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1159"
},
{
"db": "NVD",
"id": "CVE-2017-18298"
}
]
},
"description": {
"_id": null,
"data": "Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 . Snapdragon Automobile , Snapdragon Mobile , Snapdragon Wear Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 is a central processing unit (CPU) product of Qualcomm (Qualcomm). There are security vulnerabilities in Broadcast in several Qualcomm Snapdragon products. The vulnerability is caused by SDMX API not performing input validation. An attacker could exploit this vulnerability to cause a denial of service (null pointer backreference)",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18298"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014316"
},
{
"db": "VULHUB",
"id": "VHN-109406"
},
{
"db": "VULMON",
"id": "CVE-2017-18298"
}
],
"trust": 1.8
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-18298",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1041432",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014316",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1159",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-109406",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-18298",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109406"
},
{
"db": "VULMON",
"id": "CVE-2017-18298"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014316"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1159"
},
{
"db": "NVD",
"id": "CVE-2017-18298"
}
]
},
"id": "VAR-201810-0062",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-109406"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:24:31.921000Z",
"patch": {
"_id": null,
"data": [
{
"title": "October 2018 Qualcomm Technologies, Inc. Security Bulletin",
"trust": 0.8,
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"title": "Multiple Qualcomm Snapdragon product Broadcast Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86257"
},
{
"title": "Android Security Bulletins: Android Security Bulletin\u2014August 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=746dc14fcd3f5e139648cfdc9d9039a9"
},
{
"title": "SamsungReleaseNotes",
"trust": 0.1,
"url": "https://github.com/samreleasenotes/SamsungReleaseNotes "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18298"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014316"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1159"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-476",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109406"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014316"
},
{
"db": "NVD",
"id": "CVE-2017-18298"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.8,
"url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components"
},
{
"trust": 1.8,
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1041432"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18298"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18298"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://source.android.com/security/bulletin/2018-08-01.html"
},
{
"trust": 0.1,
"url": "https://github.com/samreleasenotes/samsungreleasenotes"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109406"
},
{
"db": "VULMON",
"id": "CVE-2017-18298"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014316"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1159"
},
{
"db": "NVD",
"id": "CVE-2017-18298"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-109406",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2017-18298",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014316",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1159",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-18298",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-10-23T00:00:00",
"db": "VULHUB",
"id": "VHN-109406",
"ident": null
},
{
"date": "2018-10-23T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18298",
"ident": null
},
{
"date": "2019-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014316",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1159",
"ident": null
},
{
"date": "2018-10-23T13:29:01.883000",
"db": "NVD",
"id": "CVE-2017-18298",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-12-10T00:00:00",
"db": "VULHUB",
"id": "VHN-109406",
"ident": null
},
{
"date": "2018-12-10T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18298",
"ident": null
},
{
"date": "2019-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014316",
"ident": null
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1159",
"ident": null
},
{
"date": "2024-11-21T03:19:48.147000",
"db": "NVD",
"id": "CVE-2017-18298",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1159"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural Snapdragon In product NULL Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014316"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1159"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…