CVE-2017-18274

Summary

While iterating through the models contained in a fixed-size array in the actData structure, which also stores an incorrect number of models that is greater than the size of the array, a buffer overflow occurs in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835

Affected Software

VendorProductVersion RangeStatus
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearMDM9206affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearMDM9607affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearMDM9650affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 210/SD 212/SD 205affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 425affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 430affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 450affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 617affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 625affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 650/52affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 820affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 820Aaffected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 835affected

Weaknesses

  • CWE129: Improper Validation of Array Index

ADP Enrichment

CVE Program Container

Additional References

References