VAR-201810-0062
Vulnerability from variot - Updated: 2024-11-23 21:24Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 . Snapdragon Automobile , Snapdragon Mobile , Snapdragon Wear Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 is a central processing unit (CPU) product of Qualcomm (Qualcomm). There are security vulnerabilities in Broadcast in several Qualcomm Snapdragon products. The vulnerability is caused by SDMX API not performing input validation. An attacker could exploit this vulnerability to cause a denial of service (null pointer backreference)
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "sda660",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 810",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 835",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 845",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 412",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 410",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 430",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 617",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 425",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 850",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "msm8996au",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 415",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 205",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 212",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 650",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 652",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 820a",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9607",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 615",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9650",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9206",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 820",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 450",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 616",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 210",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 625",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9206",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "msm8996au",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 205",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 820a",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sda 660",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014316"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1159"
},
{
"db": "NVD",
"id": "CVE-2017-18298"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:qualcomm:mdm9206_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:msm8996au_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_205_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_820a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sda_660_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014316"
}
]
},
"cve": "CVE-2017-18298",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-18298",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-109406",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-18298",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-18298",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-18298",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1159",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-109406",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-18298",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109406"
},
{
"db": "VULMON",
"id": "CVE-2017-18298"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014316"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1159"
},
{
"db": "NVD",
"id": "CVE-2017-18298"
}
]
},
"description": {
"_id": null,
"data": "Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 . Snapdragon Automobile , Snapdragon Mobile , Snapdragon Wear Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 is a central processing unit (CPU) product of Qualcomm (Qualcomm). There are security vulnerabilities in Broadcast in several Qualcomm Snapdragon products. The vulnerability is caused by SDMX API not performing input validation. An attacker could exploit this vulnerability to cause a denial of service (null pointer backreference)",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18298"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014316"
},
{
"db": "VULHUB",
"id": "VHN-109406"
},
{
"db": "VULMON",
"id": "CVE-2017-18298"
}
],
"trust": 1.8
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-18298",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1041432",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014316",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1159",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-109406",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-18298",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109406"
},
{
"db": "VULMON",
"id": "CVE-2017-18298"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014316"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1159"
},
{
"db": "NVD",
"id": "CVE-2017-18298"
}
]
},
"id": "VAR-201810-0062",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-109406"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:24:31.921000Z",
"patch": {
"_id": null,
"data": [
{
"title": "October 2018 Qualcomm Technologies, Inc. Security Bulletin",
"trust": 0.8,
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"title": "Multiple Qualcomm Snapdragon product Broadcast Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86257"
},
{
"title": "Android Security Bulletins: Android Security Bulletin\u2014August 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=746dc14fcd3f5e139648cfdc9d9039a9"
},
{
"title": "SamsungReleaseNotes",
"trust": 0.1,
"url": "https://github.com/samreleasenotes/SamsungReleaseNotes "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18298"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014316"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1159"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-476",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109406"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014316"
},
{
"db": "NVD",
"id": "CVE-2017-18298"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.8,
"url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components"
},
{
"trust": 1.8,
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1041432"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18298"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18298"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://source.android.com/security/bulletin/2018-08-01.html"
},
{
"trust": 0.1,
"url": "https://github.com/samreleasenotes/samsungreleasenotes"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109406"
},
{
"db": "VULMON",
"id": "CVE-2017-18298"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014316"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1159"
},
{
"db": "NVD",
"id": "CVE-2017-18298"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-109406",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2017-18298",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014316",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1159",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-18298",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-10-23T00:00:00",
"db": "VULHUB",
"id": "VHN-109406",
"ident": null
},
{
"date": "2018-10-23T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18298",
"ident": null
},
{
"date": "2019-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014316",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1159",
"ident": null
},
{
"date": "2018-10-23T13:29:01.883000",
"db": "NVD",
"id": "CVE-2017-18298",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-12-10T00:00:00",
"db": "VULHUB",
"id": "VHN-109406",
"ident": null
},
{
"date": "2018-12-10T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18298",
"ident": null
},
{
"date": "2019-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014316",
"ident": null
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1159",
"ident": null
},
{
"date": "2024-11-21T03:19:48.147000",
"db": "NVD",
"id": "CVE-2017-18298",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1159"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural Snapdragon In product NULL Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014316"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1159"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…