{"id": "CVE-2019-14123", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "
[email protected]", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "
[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-07-30T12:15:11.647", "references": [{"url": "https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin", "tags": ["Broken Link"], "source": "
[email protected]"}, {"url": "https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin", "tags": ["Vendor Advisory"], "source": "
[email protected]"}, {"url": "https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "
[email protected]", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Possible buffer overflow and over read possible due to missing bounds checks for fixed limits if we consider widevine HLOS client as non-trustable in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130"}, {"lang": "es", "value": "Un posible desbordamiento del b\u00fafer y posible lectura excesiva debido falta de comprobaciones de l\u00edmites para l\u00edmites fijos si consideramos que el cliente widevine HLOS no es confiable en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking en versiones Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130"}], "lastModified": "2024-11-21T04:26:07.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:kamorta_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C17D128-D249-463B-B21B-F5B01265726A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:kamorta:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4ECFB565-9C4D-4F58-AD4E-283276688F00"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qcs404_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A2F7E6B-D499-4698-A203-A12725E51DFF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qcs404:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B172AA65-B693-48DF-9D5A-7BB6FCC4A2A3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:rennell_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D49376E9-D31E-4E84-9401-45859263F26C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:rennell:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B6D66742-81FA-46D6-B7A2-5460923D81A8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "792A18B7-E775-4AF4-A8C4-D434400317B0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sc7180:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B5170B38-0976-49BB-A916-5BE44C567218"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E93FB34B-3674-404D-9687-E092E9A246AB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F3FF5A9A-A34A-499C-B6E0-D67B496C5454"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8ABE492A-3755-4969-9DEB-4B85EBB84644"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E3D3787B-6ACC-4591-B041-01307ED66C36"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F63A748F-2236-4486-83F1-DE4BCBE5D56D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "184F3DFC-27E8-48AC-B46C-C589DBCBF030"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDC730C6-FB32-4566-AAE2-B2B261BA9411"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sm8250:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5A432773-467F-492C-AA3A-ADF08A21FB3F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F9FA3B1-E4E4-4D9B-A99C-7BF958D4B993"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "95762B01-2762-45BD-8388-5DB77EA6139C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "
[email protected]"}
