CVE-2019-14066

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-14066
Integer overflow in calculating estimated output buffer size when getting a list of installed Feature IDs, Serial Numbers or checking Feature ID status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, MDM9205, MDM9607, Nicobar, QCS404, QCS405, Rennell, SA6155P, SC7180, SC8180X, SDX55, SM6150, SM7150, SXR2130

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:qualcomm:kamorta_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:kamorta:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:qualcomm:mdm9205_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9205:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:nicobar:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:qualcomm:qcs404_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcs404:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:qualcomm:rennell_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:rennell:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sc7180:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sc8180x:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2020-06-02 15:15

Updated : 2023-12-10 13:27

NVD link : CVE-2019-14066

Mitre link : CVE-2019-14066

CVE.ORG link : CVE-2019-14066

JSON object : View

Products Affected

qualcomm

  • mdm9205
  • sm7150_firmware
  • sm6150
  • kamorta
  • mdm9607
  • sa6155p_firmware
  • kamorta_firmware
  • rennell_firmware
  • qcs405
  • sm6150_firmware
  • rennell
  • nicobar
  • sxr2130
  • sc8180x
  • sdx55
  • sxr2130_firmware
  • sc7180_firmware
  • qcs404_firmware
  • mdm9607_firmware
  • nicobar_firmware
  • sdx55_firmware
  • qcs405_firmware
  • sc7180
  • sm7150
  • sc8180x_firmware
  • qcs404
  • mdm9205_firmware
  • sa6155p
CWE
CWE-190

Integer Overflow or Wraparound