Описание
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing PTT commands, ptt_sock_send_msg_to_app() is invoked without validating the packet length. If the packet length is invalid, then a buffer over-read can occur.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.00091
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-125
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing PTT commands, ptt_sock_send_msg_to_app() is invoked without validating the packet length. If the packet length is invalid, then a buffer over-read can occur.
EPSS
Процентиль: 26%
0.00091
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-125