github - ghsa-288r-5pxq-4qgx

ghsa-288r-5pxq-4qgx

Vulnerability from github

Published

2022-05-14 03:04

Modified

2022-05-14 03:04

Severity

7.8 (High) - CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5887"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-06T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.",
  "id": "GHSA-288r-5pxq-4qgx",
  "modified": "2022-05-14T03:04:27Z",
  "published": "2022-05-14T03:04:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5887"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components"
    },
    {
      "type": "WEB",
      "url": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8415f6f2271008aef5056689950236df627d9b1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2018-5887

Vulnerability from cvelistv5

Published

2018-07-06 17:00

Modified

2024-09-16 17:32

Severity

Summary

While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

References

URL	Tags
https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8415f6f2271008aef5056689950236df627d9b1	x_refsource_CONFIRM
https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components	x_refsource_CONFIRM

Impacted products

Vendor	Product
Qualcomm, Inc.	Android for MSM, Firefox OS for MSM, QRD Android

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:47:55.964Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8415f6f2271008aef5056689950236df627d9b1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Android for MSM, Firefox OS for MSM, QRD Android",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "All Android releases from CAF using the Linux kernel"
            }
          ]
        }
      ],
      "datePublic": "2018-06-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Validation of Array Index in Boot",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-06T16:57:01",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8415f6f2271008aef5056689950236df627d9b1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@qualcomm.com",
          "DATE_PUBLIC": "2018-06-05T00:00:00",
          "ID": "CVE-2018-5887",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All Android releases from CAF using the Linux kernel"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Qualcomm, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Validation of Array Index in Boot"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8415f6f2271008aef5056689950236df627d9b1",
              "refsource": "CONFIRM",
              "url": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8415f6f2271008aef5056689950236df627d9b1"
            },
            {
              "name": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components",
              "refsource": "CONFIRM",
              "url": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2018-5887",
    "datePublished": "2018-07-06T17:00:00Z",
    "dateReserved": "2018-01-19T00:00:00",
    "dateUpdated": "2024-09-16T17:32:43.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.