CVE-2017-18173

CVE Database · CVE-2017-18173

CVE-2017-18173

· N/AModified

CVSS v3.1

N/A

EPSS

0.23%

Published

May 6, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In case of using an invalid android verified boot signature with very large length, an integer underflow occurs in Snapdragon Mobile in SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016.

Weaknesses (CWE)

CWE-190

Affected Products (26)

qualcomm · sd_425_firmwarevulnerable

qualcomm · sd_425

qualcomm · sd_427_firmwarevulnerable

qualcomm · sd_427

qualcomm · sd_430_firmwarevulnerable

qualcomm · sd_430

qualcomm · sd_435_firmwarevulnerable

qualcomm · sd_435

qualcomm · sd_450_firmwarevulnerable

qualcomm · sd_450

qualcomm · sd_625_firmwarevulnerable

· sd_625

References (2)

https://www.qualcomm.com/company/product-security/bulletins

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs