CVE-2019-14045

Possible buffer overflow while processing clientlog and serverlog due to lack of validation of data received in logs in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8096AU, QCS605, SDM439, SM8150, SXR1130

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin	Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm439:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sxr1130:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:25

Type	Values Removed	Values Added
References	~~() https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin - Vendor Advisory~~	() https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin - Vendor Advisory

Information

Published : 2020-03-05 09:15

Updated : 2024-11-21 04:25

NVD link : CVE-2019-14045

Mitre link : CVE-2019-14045

CVE.ORG link : CVE-2019-14045

JSON object : View

Products Affected

qualcomm

apq8096au_firmware
sdm439_firmware
qcs605
qcs605_firmware
sxr1130_firmware
apq8096au
sdm439
sm8150
sm8150_firmware
sxr1130

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2019-14045", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-03-05T09:15:17.063", "references": [{"url": "https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin", "tags": ["Vendor Advisory"], "source": "product-security@qualcomm.com"}, {"url": "https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "Possible buffer overflow while processing clientlog and serverlog due to lack of validation of data received in logs in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8096AU, QCS605, SDM439, SM8150, SXR1130"}, {"lang": "es", "value": "Un posible desbordamiento del b\u00fafer mientras se procesa clientlog y serverlog debido a una falta de comprobaci\u00f3n de los datos recibidos en registros en los productos de Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile en las versiones APQ8096AU, QCS605, SDM439, SM8150, SXR1130."}], "lastModified": "2024-11-21T04:25:58.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD17C0A3-A200-4659-968B-B2DA03CB683F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1F31FFB-982A-4308-82F8-C2480DABDED8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B05FD66D-13A6-40E9-A64B-E428378F237E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D0D665C1-3EBA-42F2-BF56-55E6C365F7DF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84289E6D-DA2A-4D04-9DDA-E8C46DDDD056"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sdm439:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C0B56360-7AC3-410A-B7F8-1BE8514B3781"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9286B1E8-E39F-4DAA-8969-311CA2A0A8AA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19B9AE36-87A9-4EE7-87C8-CCA2DCF51039"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "096F7BA5-FF58-416B-93EF-733B16326C86"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sxr1130:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7AF958FB-1611-4102-A2DB-8D4311AE0D72"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "product-security@qualcomm.com"}