Sign-up

ID

VAR-201911-1668


CVE

CVE-2019-10502


TITLE

plural Snapdragon Classic buffer overflow vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-011591

DESCRIPTION

Possible stack overflow when an index equal to io buffer size is accessed in camera module in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDX24. plural Snapdragon The product contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.62

sources: NVD: CVE-2019-10502 // JVNDB: JVNDB-2019-011591

IOT TAXONOMY

category:['other device', 'embedded device']sub_category:SoC

Trust: 0.1

category:['other device', 'embedded device']sub_category:general

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 665scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs405scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:215scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 429scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 439scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-011591 // NVD: CVE-2019-10502

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10502
value: HIGH

Trust: 1.0

NVD: CVE-2019-10502
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-173
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-10502
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2019-10502
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10502
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-011591 // CNNVD: CNNVD-201909-173 // NVD: CVE-2019-10502

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-120

Trust: 0.8

sources: JVNDB: JVNDB-2019-011591 // NVD: CVE-2019-10502

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201909-173

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201909-173

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011591

PATCH
title:Android のセキュリティに関する公開情報url:https://source.android.com/security/bulletin/
Trust: 0.8
title:Multiple Qualcomm Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97935
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-011591 // 
            
            
            
            CNNVD: CNNVD-201909-173

EXTERNAL IDS
db:NVDid:CVE-2019-10502
Trust: 2.5
db:JVNDBid:JVNDB-2019-011591
Trust: 0.8
db:CNNVDid:CNNVD-201909-173
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            JVNDB: JVNDB-2019-011591 // 
            
            
            
            CNNVD: CNNVD-201909-173 // 
            
            
            
            NVD: CVE-2019-10502

REFERENCES
url:https://source.android.com/security/bulletin/
Trust: 1.6
url:https://www.qualcomm.com/company/product-security/bulletins/september-2019-bulletin
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-10502
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10502
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243
Trust: 0.6
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            JVNDB: JVNDB-2019-011591 // 
            
            
            
            CNNVD: CNNVD-201909-173 // 
            
            
            
            NVD: CVE-2019-10502

CREDITS
Pengfei Ding( Ding Pengfei ) of Huawei Mobile Security Lab
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201909-173

SOURCES
db:OTHERid: - 
db:JVNDBid:JVNDB-2019-011591
db:CNNVDid:CNNVD-201909-173
db:NVDid:CVE-2019-10502

LAST UPDATE DATE
2025-01-30T20:24:43.518000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2019-011591date:2019-11-13T00:00:00
db:CNNVDid:CNNVD-201909-173date:2019-11-08T00:00:00
db:NVDid:CVE-2019-10502date:2024-11-21T04:19:17.850

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2019-011591date:2019-11-13T00:00:00
db:CNNVDid:CNNVD-201909-173date:2019-09-04T00:00:00
db:NVDid:CVE-2019-10502date:2019-11-06T17:15:11.987