CVE-2019-10540

Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS404, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SXR1130

Published : 2019-09-30 16:15 Updated : 2019-10-03 14:08

10.0
CVSS Score More info
Score 10.0 / 10
10.0
Vendor Product Version URI
Qualcomm Ipq8074 Firmware - cpe:/o:qualcomm:ipq8074_firmware:-
Qualcomm Msm8996au Firmware - cpe:/o:qualcomm:msm8996au_firmware:-
Qualcomm Qca6174a Firmware - cpe:/o:qualcomm:qca6174a_firmware:-
Qualcomm Qca6574au Firmware - cpe:/o:qualcomm:qca6574au_firmware:-
Qualcomm Qca8081 Firmware - cpe:/o:qualcomm:qca8081_firmware:-
Qualcomm Qca9377 Firmware - cpe:/o:qualcomm:qca9377_firmware:-
Qualcomm Qca9379 Firmware - cpe:/o:qualcomm:qca9379_firmware:-
Qualcomm Qcs404 Firmware - cpe:/o:qualcomm:qcs404_firmware:-
Qualcomm Qcs405 Firmware - cpe:/o:qualcomm:qcs405_firmware:-
Qualcomm Qcs605 Firmware - cpe:/o:qualcomm:qcs605_firmware:-
Qualcomm Sd 636 Firmware - cpe:/o:qualcomm:sd_636_firmware:-
Qualcomm Sd 665 Firmware - cpe:/o:qualcomm:sd_665_firmware:-
Qualcomm Sd 670 Firmware - cpe:/o:qualcomm:sd_670_firmware:-
Qualcomm Sd 675 Firmware - cpe:/o:qualcomm:sd_675_firmware:-
Qualcomm Sd 710 Firmware - cpe:/o:qualcomm:sd_710_firmware:-
Qualcomm Sd 712 Firmware - cpe:/o:qualcomm:sd_712_firmware:-
Qualcomm Sd 730 Firmware - cpe:/o:qualcomm:sd_730_firmware:-
Qualcomm Sd 820 Firmware - cpe:/o:qualcomm:sd_820_firmware:-
Qualcomm Sd 835 Firmware - cpe:/o:qualcomm:sd_835_firmware:-
Qualcomm Sd 845 Firmware - cpe:/o:qualcomm:sd_845_firmware:-
Qualcomm Sd 850 Firmware - cpe:/o:qualcomm:sd_850_firmware:-
Qualcomm Sd 855 Firmware - cpe:/o:qualcomm:sd_855_firmware:-
Qualcomm Sd 8cx Firmware - cpe:/o:qualcomm:sd_8cx_firmware:-
Qualcomm Sda660 Firmware - cpe:/o:qualcomm:sda660_firmware:-
Qualcomm Sdm630 Firmware - cpe:/o:qualcomm:sdm630_firmware:-
Qualcomm Sdm660 Firmware - cpe:/o:qualcomm:sdm660_firmware:-
Qualcomm Sxr1130 Firmware - cpe:/o:qualcomm:sxr1130_firmware:-
  1. Qualcomm (27) Search CVE
    1. Sd 675 Firmware (1) Search CVE
      1. -
    2. Sd 670 Firmware (1) Search CVE
      1. -
    3. Sdm630 Firmware (1) Search CVE
      1. -
    4. Qca6174a Firmware (1) Search CVE
      1. -
    5. Ipq8074 Firmware (1) Search CVE
      1. -
    6. Qca6574au Firmware (1) Search CVE
      1. -
    7. Sd 8cx Firmware (1) Search CVE
      1. -
    8. Qca9377 Firmware (1) Search CVE
      1. -
    9. Sxr1130 Firmware (1) Search CVE
      1. -
    10. Sd 835 Firmware (1) Search CVE
      1. -
    11. Sd 855 Firmware (1) Search CVE
      1. -
    12. Sd 636 Firmware (1) Search CVE
      1. -
    13. Sd 820 Firmware (1) Search CVE
      1. -
    14. Qcs405 Firmware (1) Search CVE
      1. -
    15. Sdm660 Firmware (1) Search CVE
      1. -
    16. Qcs404 Firmware (1) Search CVE
      1. -
    17. Qca9379 Firmware (1) Search CVE
      1. -
    18. Qcs605 Firmware (1) Search CVE
      1. -
    19. Msm8996au Firmware (1) Search CVE
      1. -
    20. Sd 710 Firmware (1) Search CVE
      1. -
    21. Sd 845 Firmware (1) Search CVE
      1. -
    22. Qca8081 Firmware (1) Search CVE
      1. -
    23. Sd 712 Firmware (1) Search CVE
      1. -
    24. Sd 850 Firmware (1) Search CVE
      1. -
    25. Sda660 Firmware (1) Search CVE
      1. -
    26. Sd 730 Firmware (1) Search CVE
      1. -
    27. Sd 665 Firmware (1) Search CVE
      1. -

CWE

ID Name Description Links
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. CVE

History of changes

Date Event
2019-10-03 14:08
2019-09-30 16:15

New CVE