Vulnerability-Lookup

CVE-2019-5699 (GCVE-0-2019-5699)

Vulnerability from cvelistv5 – Published: 2019-10-09 21:05 – Updated: 2024-08-04 20:01

Summary

Severity ?

No CVSS data available.

CWE

code execution, escalation of privileges

Assigner

nvidia

References

URL

	Vendor	Product	Version
	n/a	NVIDIA SHIELD TV	Affected: SHIELD Experience prior to v8.0.1

GSD-2019-5699

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-5699

Aliases

CVE-2019-5699

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-5699",
    "description": "NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges.",
    "id": "GSD-2019-5699"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-5699"
      ],
      "details": "NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges.",
      "id": "GSD-2019-5699",
      "modified": "2023-12-13T01:23:55.183871Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@nvidia.com",
        "ID": "CVE-2019-5699",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "NVIDIA SHIELD TV",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "SHIELD Experience prior to v8.0.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "code execution, escalation of privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875",
            "refsource": "CONFIRM",
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875"
          },
          {
            "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4910",
            "refsource": "CONFIRM",
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4910"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:nvidia:shield_experience:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.0.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@nvidia.com",
          "ID": "CVE-2019-5699"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875"
            },
            {
              "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4910",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4910"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-12-05T08:15Z",
      "publishedDate": "2019-10-09T22:15Z"
    }
  }
}

VAR-201910-0295

Vulnerability from variot - Updated: 2024-11-23 21:51

NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges. NVIDIA SHIELD TV entertainment console is a living room entertainment device released by NVIDIA. This vulnerability originates from incorrect boundary checks performed by programs

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0295",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "shield experience",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "nvidia",
        "version": "8.0.1"
      },
      {
        "model": "shield tv experience",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "8.0.1"
      },
      {
        "model": "shield experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "6.3"
      },
      {
        "model": "shield experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "8.0"
      },
      {
        "model": "shield experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "6.2"
      },
      {
        "model": "shield experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "7.0"
      },
      {
        "model": "shield experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "6.0"
      },
      {
        "model": "shield experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "7.2"
      },
      {
        "model": "shield experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "6.1"
      },
      {
        "model": "shield experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "7.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "google",
        "version": "9.0"
      },
      {
        "model": "shield experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "7.2.3"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36994"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-638"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5699"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:nvidia:shield_experience",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010613"
      }
    ]
  },
  "cve": "CVE-2019-5699",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-5699",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2019-36994",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-5699",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-5699",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-5699",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-5699",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-36994",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201910-638",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36994"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-638"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5699"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges. NVIDIA SHIELD TV entertainment console is a living room entertainment device released by NVIDIA. This vulnerability originates from incorrect boundary checks performed by programs",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-5699"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010613"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-36994"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-5699",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010613",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-36994",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-638",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36994"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-638"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5699"
      }
    ]
  },
  "id": "VAR-201910-0295",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36994"
      }
    ],
    "trust": 1.1625
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36994"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:51:57.286000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Answer ID 4875",
        "trust": 0.8,
        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875"
      },
      {
        "title": "Patch for NVIDIA Shield TV Experience Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/186907"
      },
      {
        "title": "NVIDIA Shield TV Experience Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99273"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36994"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-638"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010613"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5699"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5699"
      },
      {
        "trust": 1.6,
        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4910"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5699"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36994"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-638"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5699"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36994"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-638"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5699"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-36994"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010613"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-638"
      },
      {
        "date": "2019-10-09T22:15:10.950000",
        "db": "NVD",
        "id": "CVE-2019-5699"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-36994"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010613"
      },
      {
        "date": "2019-12-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-638"
      },
      {
        "date": "2024-11-21T04:45:22.170000",
        "db": "NVD",
        "id": "CVE-2019-5699"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-638"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NVIDIA Shield TV Experience Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-638"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-638"
      }
    ],
    "trust": 0.6
  }
}

GHSA-5V3C-7PPR-PMXW

Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2022-05-24 16:58

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-5699"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-09T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges.",
  "id": "GHSA-5v3c-7ppr-pmxw",
  "modified": "2022-05-24T16:58:35Z",
  "published": "2022-05-24T16:58:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5699"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4910"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2019-36994

Vulnerability from cnvd - Published: 2019-10-24

Title

NVIDIA Shield TV Experience缓冲区溢出漏洞

Description

NVIDIA SHIELD TV娱乐主机是英伟达发布的一款客厅娱乐设备。 NVIDIA Shield TV Experience 8.0.1之前版本中的NVIDIA Tegra bootloader存在缓冲区溢出漏洞，该漏洞源于程序进行的错误的边界检查，攻击者可利用该漏洞提升权限，泄露信息，执行代码或造成拒绝服务。

Severity

高

Patch Name

NVIDIA Shield TV Experience缓冲区溢出漏洞的补丁

Patch Description

NVIDIA SHIELD TV娱乐主机是英伟达发布的一款客厅娱乐设备。 NVIDIA Shield TV Experience 8.0.1之前版本中的NVIDIA Tegra bootloader存在缓冲区溢出漏洞，该漏洞源于程序进行的错误的边界检查，攻击者可利用该漏洞提升权限，泄露信息，执行代码或造成拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://nvidia.custhelp.com/app/answers/detail/a_id/4875

Reference

https://nvidia.custhelp.com/app/answers/detail/a_id/4875 https://nvd.nist.gov/vuln/detail/CVE-2019-5699

Impacted products

Name
NVIDIA Shield TV Experience <8.0.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5699",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5699"
    }
  },
  "description": "NVIDIA SHIELD TV\u5a31\u4e50\u4e3b\u673a\u662f\u82f1\u4f1f\u8fbe\u53d1\u5e03\u7684\u4e00\u6b3e\u5ba2\u5385\u5a31\u4e50\u8bbe\u5907\u3002\n\nNVIDIA Shield TV Experience 8.0.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684NVIDIA Tegra bootloader\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u8fdb\u884c\u7684\u9519\u8bef\u7684\u8fb9\u754c\u68c0\u67e5\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\uff0c\u6cc4\u9732\u4fe1\u606f\uff0c\u6267\u884c\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/4875",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-36994",
  "openTime": "2019-10-24",
  "patchDescription": "NVIDIA SHIELD TV\u5a31\u4e50\u4e3b\u673a\u662f\u82f1\u4f1f\u8fbe\u53d1\u5e03\u7684\u4e00\u6b3e\u5ba2\u5385\u5a31\u4e50\u8bbe\u5907\u3002\r\n\r\nNVIDIA Shield TV Experience 8.0.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684NVIDIA Tegra bootloader\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u8fdb\u884c\u7684\u9519\u8bef\u7684\u8fb9\u754c\u68c0\u67e5\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\uff0c\u6cc4\u9732\u4fe1\u606f\uff0c\u6267\u884c\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NVIDIA Shield TV Experience\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "NVIDIA Shield TV Experience \u003c8.0.1"
  },
  "referenceLink": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5699",
  "serverity": "\u9ad8",
  "submitTime": "2019-10-09",
  "title": "NVIDIA Shield TV Experience\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

FKIE_CVE-2019-5699

Vulnerability from fkie_nvd - Published: 2019-10-09 22:15 - Updated: 2024-11-21 04:45

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@nvidia.com	https://nvidia.custhelp.com/app/answers/detail/a_id/4875	Vendor Advisory
psirt@nvidia.com	https://nvidia.custhelp.com/app/answers/detail/a_id/4910
af854a3a-2127-422b-91ae-364da2661108	https://nvidia.custhelp.com/app/answers/detail/a_id/4875	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://nvidia.custhelp.com/app/answers/detail/a_id/4910

Impacted products

	Vendor	Product	Version
	nvidia	shield_experience	*
	google	android	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nvidia:shield_experience:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9EFF27-D43B-4229-AB5A-861525778077",
              "versionEndExcluding": "8.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DFAAD08-36DA-4C95-8200-C29FE5B6B854",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges."
    },
    {
      "lang": "es",
      "value": "NVIDIA Shield TV Experience versi\u00f3n anterior a v8.0.1, el cargador de arranque de NVIDIA Tegra contiene una vulnerabilidad en la que el software realiza una comprobaci\u00f3n de l\u00edmites incorrecta, lo que puede conllevar a un desbordamiento del b\u00fafer que resulta en una escalada de privilegios y ejecuci\u00f3n de c\u00f3digo, escalada de privilegios y divulgaci\u00f3n de informaci\u00f3n, ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio o escalada de privilegios."
    }
  ],
  "id": "CVE-2019-5699",
  "lastModified": "2024-11-21T04:45:22.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-09T22:15:10.950",
  "references": [
    {
      "source": "psirt@nvidia.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875"
    },
    {
      "source": "psirt@nvidia.com",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4910"
    }
  ],
  "sourceIdentifier": "psirt@nvidia.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-5699 (GCVE-0-2019-5699)

GSD-2019-5699

VAR-201910-0295

GHSA-5V3C-7PPR-PMXW

CNVD-2019-36994

FKIE_CVE-2019-5699

Tags

Sightings

Nomenclature