← Back

CVE-2019-2339

nvd nist
Published: Nov 21, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Out of bound access due to lack of check of whiltelist array size while reading the image elf segments. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130

Affected (15)

Qualcomm
15 products
Mdm9205 Firmware
Qcs404 Firmware
Qcs605 Firmware
Sda845 Firmware
Sdm670 Firmware
Sdm710 Firmware
Sdm845 Firmware
Sdm850 Firmware
Sdx24 Firmware
Sdx55 Firmware
Sm6150 Firmware
Sm7150 Firmware
Sm8150 Firmware
Sxr1130 Firmware
Sxr2130 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mdm9205 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Mdm9205
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Qcs404 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Qcs404
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Qcs605 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Qcs605
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sda845 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sda845
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm670 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm670
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm710 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm710
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm845 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm845
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm850 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm850
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdx24 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdx24
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdx55 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdx55
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sm6150 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sm6150
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sm7150 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sm7150
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sm8150 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sm8150
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sxr1130 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sxr1130
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sxr2130 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sxr2130
All versions

Related CWEs

CWE-129
Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (2)

Source: product-security@qualcomm.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.