CVE-2019-10589

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-10589
Lack of length check of response buffer can lead to buffer over-flow while GP command response buffer handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8098, MDM9206, MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:apq8017:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:qualcomm:apq8098_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:apq8098:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:qualcomm:msm8917_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8917:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:qualcomm:msm8920_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8920:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:qualcomm:msm8937_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8937:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:qualcomm:msm8940_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8940:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:qualcomm:msm8953_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8953:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:qualcomm:msm8998_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8998:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:qualcomm:qm215_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qm215:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:qualcomm:sdm429_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm429:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm439:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:qualcomm:sdm450_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm450:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:qualcomm:sdm632_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm632:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm636:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2020-04-16 11:15

Updated : 2023-12-10 13:27

NVD link : CVE-2019-10589

Mitre link : CVE-2019-10589

CVE.ORG link : CVE-2019-10589

JSON object : View

Products Affected

qualcomm

  • msm8937_firmware
  • apq8017_firmware
  • sdm636_firmware
  • apq8098_firmware
  • sdm450
  • sda660_firmware
  • sdm632
  • msm8940_firmware
  • sdm632_firmware
  • apq8017
  • sdm636
  • mdm9607
  • apq8053_firmware
  • sdm450_firmware
  • msm8998_firmware
  • mdm9206_firmware
  • mdm9607_firmware
  • qm215_firmware
  • msm8920_firmware
  • apq8053
  • msm8937
  • sdm660_firmware
  • sdm439_firmware
  • sdm439
  • msm8917_firmware
  • msm8917
  • sdm429_firmware
  • apq8098
  • msm8940
  • msm8953_firmware
  • msm8953
  • sdm660
  • sdm429
  • msm8920
  • sdm630_firmware
  • msm8998
  • qm215
  • sda660
  • sdm630
  • mdm9206
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')