Ipq4019 Firmware
CVE-2019-2299
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An out-of-bound write can be triggered by a specially-crafted command supplied by a userspace application. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM660, SDX20, SDX24
AnalysisAI
An out-of-bound write can be triggered by a specially-crafted command supplied by a userspace application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. An out-of-bound write can be triggered by a specially-crafted command supplied by a userspace application. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM660, SDX20, SDX24 Affected products include: Qualcomm Ipq4019 Firmware, Qualcomm Ipq8064 Firmware, Qualcomm Ipq8074 Firmware, Qualcomm Mdm9150 Firmware, Qualcomm Mdm9206 Firmware.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
More in Ipq4019 Firmware
View allu'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arb
Memory corruption while redirecting log file to any file location with any file name. Rated critical severity (CVSS 9.8)
Memory corruption in WLAN Host while processing RRM beacon on the AP. Rated critical severity (CVSS 9.8), this vulnerabi
Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE. Rated critical seve
A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snap
Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Com
Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdrago
u'Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from
u'fscanf reads a string from a file and stores its contents on a statically allocated stack memory which leads to stack
An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snap
Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Co
Memory corruption while deinitializing a HDCP session. [CVSS 7.8 HIGH]
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today