CVE-2017-18330

2019-01-03 16:29:01 2019-01-10 16:03:22

Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.

Vector

LOCAL

Complexity

LOW

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Qualcomm Ipq8074 firmware - (not an official CPE) Qualcomm Mdm9206 firmware - (not an official CPE) Qualcomm Mdm9607 firmware - (not an official CPE) Qualcomm Mdm9635m firmware - (not an official CPE) Qualcomm Mdm9640 firmware - (not an official CPE) Qualcomm Mdm9650 firmware - (not an official CPE) Qualcomm Mdm9655 firmware - (not an official CPE) Qualcomm Msm8909w firmware - (not an official CPE) Qualcomm Msm8996au firmware - (not an official CPE) Qualcomm Sd 205 firmware - (not an official CPE) Qualcomm Sd 210 firmware - (not an official CPE) Qualcomm Sd 212 firmware - (not an official CPE) Qualcomm Sd 410 firmware - (not an official CPE) Qualcomm Sd 412 firmware - (not an official CPE) Qualcomm Sd 415 firmware - (not an official CPE) Qualcomm Sd 425 firmware - (not an official CPE) Qualcomm Sd 427 firmware - (not an official CPE) Qualcomm Sd 429 firmware - (not an official CPE) Qualcomm Sd 430 firmware - (not an official CPE) Qualcomm Sd 435 firmware - (not an official CPE) Qualcomm Sd 439 firmware - (not an official CPE) Qualcomm Sd 450 firmware - (not an official CPE) Qualcomm Sd 615 firmware - (not an official CPE) Qualcomm Sd 616 firmware - (not an official CPE) Qualcomm Sd 625 firmware - (not an official CPE) Qualcomm Sd 632 firmware - (not an official CPE) Qualcomm Sd 636 firmware - (not an official CPE) Qualcomm Sd 650 firmware - (not an official CPE) Qualcomm Sd 652 firmware - (not an official CPE) Qualcomm Sd 810 firmware - (not an official CPE) Qualcomm Sd 820 firmware - (not an official CPE) Qualcomm Sd 820a firmware - (not an official CPE) Qualcomm Sd 835 firmware - (not an official CPE) Qualcomm Sda660 firmware - (not an official CPE) Qualcomm Sdm439 firmware - (not an official CPE) Qualcomm Sdm630 firmware - (not an official CPE) Qualcomm Sdm660 firmware - (not an official CPE) Qualcomm Sdx24 firmware - (not an official CPE) Qualcomm Snapdragon high med 2016 firmware - (not an official CPE)

Qualcomm - Ipq8074 firmware Qualcomm - Mdm9206 firmware Qualcomm - Mdm9607 firmware Qualcomm - Mdm9635m firmware Qualcomm - Mdm9640 firmware Qualcomm - Mdm9650 firmware Qualcomm - Mdm9655 firmware Qualcomm - Msm8909w firmware Qualcomm - Msm8996au firmware Qualcomm - Sd 205 firmware Qualcomm - Sd 210 firmware Qualcomm - Sd 212 firmware Qualcomm - Sd 410 firmware Qualcomm - Sd 412 firmware Qualcomm - Sd 415 firmware Qualcomm - Sd 425 firmware Qualcomm - Sd 427 firmware Qualcomm - Sd 429 firmware Qualcomm - Sd 430 firmware Qualcomm - Sd 435 firmware Qualcomm - Sd 439 firmware Qualcomm - Sd 450 firmware Qualcomm - Sd 615 firmware Qualcomm - Sd 616 firmware Qualcomm - Sd 625 firmware Qualcomm - Sd 632 firmware Qualcomm - Sd 636 firmware Qualcomm - Sd 650 firmware Qualcomm - Sd 652 firmware Qualcomm - Sd 810 firmware Qualcomm - Sd 820 firmware Qualcomm - Sd 820a firmware Qualcomm - Sd 835 firmware Qualcomm - Sda660 firmware Qualcomm - Sdm439 firmware Qualcomm - Sdm630 firmware Qualcomm - Sdm660 firmware Qualcomm - Sdx24 firmware Qualcomm - Snapdragon high med 2016 firmware

Advisory	Patch	Confirmed	Link
			https://www.qualcomm.com/company/product-security/bullet...
			106128

Improper Restriction of Operations within the Bounds of a Memory Buffer (ID 119)

Related CAPEC 11 Buffer Overflow via Environment Variables (CAPEC-ID 10) Overflow Buffers (CAPEC-ID 100) Client-side Injection-induced Buffer Overflow (CAPEC-ID 14) Filter Failure through Buffer Overflow (CAPEC-ID 24) MIME Conversion (CAPEC-ID 42) Overflow Binary Resource File (CAPEC-ID 44) Buffer Overflow via Symbolic Links (CAPEC-ID 45) Overflow Variables and Tags (CAPEC-ID 46) Buffer Overflow via Parameter Expansion (CAPEC-ID 47) Buffer Overflow in an API Call (CAPEC-ID 8) Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9)