CVE-2019-14078 Vulnerability Details

  /     /     /  

CVE-2019-14078 Metadata Quick Info

CVE Published: 02/06/2020 | CVE Updated: 05/08/2024 | CVE Year: 2019
Source: qualcomm | Vendor: Qualcomm, Inc. | Product: Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Status : PUBLISHED

---

CVE-2019-14078 Description

Out of bound memory access while processing qpay due to not validating length of the response buffer provided by User. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Incorrect Calculation of Buffer Size in Trustzone Application
Source: Qualcomm, Inc.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).