cve-2019-14134
Vulnerability from cvelistv5
Published
2020-04-16 10:46
Modified
2024-08-05 00:12
Severity ?
Summary
Possible out of bound access in WLAN handler when the received value of length in rx path is shorter than the expected value of country IE in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, QCA8081, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130
References
product-security@qualcomm.comhttps://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletinVendor Advisory
Impacted products
Qualcomm, Inc.Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:12:42.225Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "IPQ8074, QCA8081, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Possible out of bound access in WLAN handler when the received value of length in rx path is shorter than the expected value of country IE in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, QCA8081, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Over-read Issue in WLAN",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-16T10:46:19",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@qualcomm.com",
          "ID": "CVE-2019-14134",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "IPQ8074, QCA8081, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Qualcomm, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Possible out of bound access in WLAN handler when the received value of length in rx path is shorter than the expected value of country IE in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, QCA8081, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer Over-read Issue in WLAN"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin",
              "refsource": "CONFIRM",
              "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2019-14134",
    "datePublished": "2020-04-16T10:46:19",
    "dateReserved": "2019-07-19T00:00:00",
    "dateUpdated": "2024-08-05T00:12:42.225Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-14134\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2020-04-16T11:15:15.557\",\"lastModified\":\"2020-04-21T19:06:03.337\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Possible out of bound access in WLAN handler when the received value of length in rx path is shorter than the expected value of country IE in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, QCA8081, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130\"},{\"lang\":\"es\",\"value\":\"Un posible acceso fuera de l\u00edmite en el manejador WLAN cuando el valor de longitud recibido en la ruta rx es m\u00e1s corto que el valor esperado del IE del pa\u00eds en los productos Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Infraestructura cableada y redes en IPQ8074, QCA8081, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":10.0},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:ipq8074:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2118C404-402F-463C-8160-3CC3B703DF30\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2914BF98-E69C-4C8D-8B10-759642ADD7B4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qca8081:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED0585FF-E390-46E8-8701-70964A4057BB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D1C53DC-D2F3-4C92-9725-9A85340AF026\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0D665C1-3EBA-42F2-BF56-55E6C365F7DF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B05FD66D-13A6-40E9-A64B-E428378F237E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sda845:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37FA5777-1B35-4BD1-BB81-CB5DE62F3D56\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sda845_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"022D7D87-F60F-4DD2-9E0B-A9DFD3D69B22\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sdm670:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CC0441C-C30B-4D99-9BAD-C1E4387302BB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sdm670_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00865826-86AE-425F-BE6F-162F611FB200\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sdm710:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F006960-CDE3-4E74-B4F0-2C4B2CA93959\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D045BE4B-BC19-4A51-90E6-00C18389C81B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sdm845:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D342C86B-E184-457C-9F72-BD853ED79425\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DED4B719-53B5-4D16-B3FA-ADE29D28ED86\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sdm850:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ED4F8FE-32DB-4696-A3AD-A9D7CB7E513A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sdm850_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3ADE826-C55D-4731-80B9-164FEA290FAC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ABE492A-3755-4969-9DEB-4B85EBB84644\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3D3787B-6ACC-4591-B041-01307ED66C36\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F63A748F-2236-4486-83F1-DE4BCBE5D56D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"184F3DFC-27E8-48AC-B46C-C589DBCBF030\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9286B1E8-E39F-4DAA-8969-311CA2A0A8AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19B9AE36-87A9-4EE7-87C8-CCA2DCF51039\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"096F7BA5-FF58-416B-93EF-733B16326C86\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sxr1130:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AF958FB-1611-4102-A2DB-8D4311AE0D72\"}]}]}],\"references\":[{\"url\":\"https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.