CVE-2017-14913

Published: Mar 30, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835, SD 845, DDR address input validation is being improperly truncated.

Affected (6)

Products: Qualcomm: Mdm9206 Firmware, Sd 625 Firmware, Sd 650 Firmware, Sd 652 Firmware, Sd 835 Firmware, Sd 845 Firmware

6 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9206 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9206	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 625 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 625	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 650 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 650	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 652 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 652	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 835 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 835	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 845 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 845	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://www.securityfocus.com/bid/102386

Source: product-security@qualcomm.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040106

Source: product-security@qualcomm.com

Third Party AdvisoryVDB Entry

https://source.android.com/security/bulletin/2018-01-01

Source: product-security@qualcomm.com

Vendor Advisory

http://www.securityfocus.com/bid/102386

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040106

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://source.android.com/security/bulletin/2018-01-01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.