CVE-2017-15859

Опубликовано: 30 мар. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

While processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-11 a buffer overrun occurs.

Ссылки

https://source.android.com/security/bulletin/pixel/2018-02-01
Vendor Advisory
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=88dcc44ea8fbe158d1dee3ea197e47794bf4449d
Patch
Third Party Advisory
https://source.android.com/security/bulletin/pixel/2018-02-01
Vendor Advisory
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=88dcc44ea8fbe158d1dee3ea197e47794bf4449d
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00117

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-rvpq-468x-qvhx