CVE-2017-18127 - OpenCVE

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, while processing a SetParam command packet in the VR service, the extracted name_len and value_len values are not checked and could potentially cause a buffer overflow in subsequent calls to memcpy().

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Qualcomm	Sd 652 Sd 450 Firmware Msm8909w Firmware Sd 450 Sd 212 Sd 845 Sd 835 Sd 650 Firmware Sd 820 Firmware Sd 205 Firmware Sd 430 Firmware Sd 835 Firmware Sd 625 Msm8909w Sd 652 Firmware Sd 210 Firmware Sd 212 Firmware Sd 625 Firmware Sd 430 Sd 845 Firmware Sd 210 Sd 650 Sd 820 Sd 205

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/103671	Third Party Advisory VDB Entry
https://source.android.com/security/bulletin/2018-04-01	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: qualcomm

Published: 2018-04-02T00:00:00

Updated: 2018-04-12T09:57:02

Reserved: 2018-02-05T00:00:00

Link: CVE-2017-18127

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-04-11T15:29:00.617

Modified: 2018-05-14T13:01:38.937

Link: CVE-2017-18127

JSON object: View

Redhat Information

No data.

CWE

CWE-119