Heap Overflow Vulnerability in Snapdragon Mobile and Wear Products by Qualcomm
CVE-2018-5879

8.8HIGH

Key Information:

Vendor: Qualcomm
Status: Snapdragon Mobile, Snapdragon Wear
Vendor: CVE Published:; 18 January 2019

Summary

An improper length check when processing MQTT messages in Qualcomm's Snapdragon Mobile and Wear products can lead to a heap overflow condition. This issue affects multiple versions, including MDM9206, MDM9607, and several Snapdragon chipsets, potentially allowing attackers to execute arbitrary code or manipulate system resources. Users are advised to update their devices to the latest firmware versions to mitigate any associated risks.

Affected Version(s)

Snapdragon Mobile, Snapdragon Wear MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660

References

https://www.qualcomm.com/company/product-security/bulletins

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 18, 2019
Vulnerability Reserved
Jan 19, 2018