Vulnerability Details : CVE-2017-18068
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper buffer length calculation in wma_roam_scan_filter() leads to buffer overflow.
Vulnerability category: Overflow
Products affected by CVE-2017-18068
- cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-18068
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 19 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-18068
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-18068
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-18068
-
https://source.android.com/security/bulletin/2018-03-01
Android Security Bulletin—March 2018 | Android Open Source ProjectVendor Advisory
-
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=b91ad6cf984a48ad52fe5af13cb3e0ac4bf012ed
platform/vendor/qcom-opensource/wlan/qcacld-3.0 - Unnamed repositoryPatch;Third Party Advisory
-
http://www.securityfocus.com/bid/103254
Google Android Qualcomm Component Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
Jump to