CVE-2019-14036 : Possible buffer overflow issue in error processing due to improper validation of array index value in Snapdragon Auto, S

Possible buffer overflow issue in error processing due to improper validation of array index value in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MDM9615, MDM9640, MSM8996AU, QCN7605

Published 2020-01-21 07:15:13

Updated 2020-01-24 13:31:54

Source Qualcomm, Inc.

View at NVD, CVE.org

Vulnerability category: Overflow

Exploit prediction scoring system (EPSS) score for CVE-2019-14036

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 10 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2019-14036

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-14036

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-14036

https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin

January 2020 Security Bulletin | Qualcomm
Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2019-14036

Qualcomm » Mdm9607 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9607 » Version: N/A
Qualcomm » Mdm9640 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9640 » Version: N/A
Qualcomm » Mdm9615 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9615 » Version: N/A
Qualcomm » Apq8096au Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8096au » Version: N/A
Qualcomm » Msm8996au Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8996au » Version: N/A
Qualcomm » Ipq4019 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ipq4019 » Version: N/A
Qualcomm » Ipq8064 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ipq8064 » Version: N/A
Qualcomm » Ipq8074 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ipq8074 » Version: N/A
Qualcomm » Apq8064 Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8064_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8064 » Version: N/A
Qualcomm » Qcn7605 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcn7605 » Version: N/A

Vulnerability Details : CVE-2019-14036

Exploit prediction scoring system (EPSS) score for CVE-2019-14036

CVSS scores for CVE-2019-14036

CWE ids for CVE-2019-14036

References for CVE-2019-14036

Products affected by CVE-2019-14036