CVE-2017-15817
Vulnerability from cvelistv5
Published
2018-02-23 23:00
Modified
2024-09-16 21:03
Severity
Summary
In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure.
References
SourceURLTags
product-security@qualcomm.comhttp://www.securityfocus.com/bid/102974Third Party Advisory, VDB Entry
product-security@qualcomm.comhttps://source.android.com/security/bulletin/2018-02-01Vendor Advisory
Impacted products
VendorProduct
Qualcomm, Inc.Android for MSM, Firefox OS for MSM, QRD Android
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:04:50.425Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2018-02-01"
          },
          {
            "name": "102974",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102974"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Android for MSM, Firefox OS for MSM, QRD Android",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "All Android releases from CAF using the Linux kernel"
            }
          ]
        }
      ],
      "datePublic": "2018-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Stack-based Buffer Overflow in WLAN",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-24T10:57:01",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://source.android.com/security/bulletin/2018-02-01"
        },
        {
          "name": "102974",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102974"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@qualcomm.com",
          "DATE_PUBLIC": "2018-02-05T00:00:00",
          "ID": "CVE-2017-15817",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All Android releases from CAF using the Linux kernel"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Qualcomm, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Stack-based Buffer Overflow in WLAN"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/2018-02-01",
              "refsource": "CONFIRM",
              "url": "https://source.android.com/security/bulletin/2018-02-01"
            },
            {
              "name": "102974",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102974"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2017-15817",
    "datePublished": "2018-02-23T23:00:00Z",
    "dateReserved": "2017-10-24T00:00:00",
    "dateUpdated": "2024-09-16T21:03:36.761Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-15817\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2018-02-23T23:29:00.420\",\"lastModified\":\"2018-03-12T16:44:22.437\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure.\"},{\"lang\":\"es\",\"value\":\"En todos los productos Qualcomm con distribuciones de Android de CAF que utilizan el kernel de Linux, cuando un punto de acceso env\u00eda un texto de desaf\u00edo con m\u00e1s de 128 bytes, el controlador del host es incapaz de validarlo, lo que desemboca en un fallo de autenticaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":9.3},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102974\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://source.android.com/security/bulletin/2018-02-01\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.