← Back

CVE-2019-10589

nvd nist
Published: Apr 16, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Lack of length check of response buffer can lead to buffer over-flow while GP command response buffer handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8098, MDM9206, MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660

Affected (20)

Qualcomm
20 products
Apq8017 Firmware
Apq8053 Firmware
Apq8098 Firmware
Mdm9206 Firmware
Mdm9607 Firmware
Msm8917 Firmware
Msm8920 Firmware
Msm8937 Firmware
Msm8940 Firmware
Msm8953 Firmware
Msm8998 Firmware
Qm215 Firmware
Sda660 Firmware
Sdm429 Firmware
Sdm439 Firmware
Sdm450 Firmware
Sdm630 Firmware
Sdm632 Firmware
Sdm636 Firmware
Sdm660 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Apq8017 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Apq8017
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Apq8053 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Apq8053
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Apq8098 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Apq8098
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mdm9206 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Mdm9206
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mdm9607 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Mdm9607
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Msm8917 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Msm8917
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Msm8920 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Msm8920
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Msm8937 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Msm8937
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Msm8940 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Msm8940
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Msm8953 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Msm8953
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Msm8998 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Msm8998
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Qm215 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Qm215
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sda660 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sda660
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm429 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm429
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm439 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm439
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm450 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm450
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm630 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm630
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm632 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm632
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm636 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm636
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm660 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm660
All versions

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

Source: product-security@qualcomm.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.