CVE-2019-14078

CVE Database · CVE-2019-14078

CVE-2019-14078

· HIGHModified

CVSS v3.1

7.8

EPSS

0.19%

Published

Jun 2, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Out of bound memory access while processing qpay due to not validating length of the response buffer provided by User. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-131

Affected Products (20)

qualcomm · apq8009_firmwarevulnerable

qualcomm · apq8009

qualcomm · apq8098_firmwarevulnerable

qualcomm · apq8098

qualcomm · msm8909_firmwarevulnerable

qualcomm · msm8909

qualcomm · msm8998_firmwarevulnerable

qualcomm · msm8998

qualcomm · sda660_firmwarevulnerable

qualcomm · sda660

qualcomm · sda845_firmwarevulnerable

· sda845

References (2)

https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs