CVE-2018-11945

CRITICAL

Qualcomm Snapdragon - Heap Overflow in Wireless Service Messaging Module

Title source: llm

Description

Improper input validation in wireless service messaging module for data received from broadcast messages can lead to heap overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106845

Scores

CVSS v3 9.8

EPSS 0.0035

EPSS Percentile 57.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (50)

qualcomm/mdm9150_firmware

qualcomm/mdm9206_firmware

qualcomm/mdm9607_firmware

qualcomm/mdm9615_firmware

qualcomm/mdm9625_firmware

qualcomm/mdm9635m_firmware

qualcomm/mdm9640_firmware

qualcomm/mdm9650_firmware

qualcomm/mdm9655_firmware

qualcomm/msm8909w_firmware

... and 40 more

Published Feb 25, 2019

Tracked Since Feb 18, 2026