CVE-2017-8248

Published: Aug 16, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation.

Affected (1)

Products: Apple: Iphone Os

Apple

1 product

Iphone Os

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 10.3.2

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (8)

http://seclists.org/fulldisclosure/2017/Jul/34

Source: product-security@qualcomm.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/106128

Source: product-security@qualcomm.com

http://www.securityfocus.com/bid/99891

Source: product-security@qualcomm.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038950

Source: product-security@qualcomm.com

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2017/Jul/34

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/106128

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/99891

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038950

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.