CVE-2017-18127
N/A
N/A
Summary
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, while processing a SetParam command packet in the VR service, the extracted name_len and value_len values are not checked and could potentially cause a buffer overflow in subsequent calls to memcpy().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Mobile, Snapdragon Wear | MSM8909W, SD 210/SD 212/SD 205, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845 | affected |
Weaknesses
- Improper Input Validation in APSS
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.