cvelist/2015/9xxx/CVE-2015-9148.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "product-security@qualcomm.com",
      "DATE_PUBLIC" : "2018-04-02T00:00:00",
      "ID" : "CVE-2015-9148",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "Snapdragon Automobile, Snapdragon Mobile",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, SD 400, SD 425, SD 430, SD 450, SD 600, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDX20"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Qualcomm, Inc."
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, SD 400, SD 425, SD 430, SD 450, SD 600, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, in the Diag User-PD command registration function, a length variable used during buffer allocation is not checked, so if it is very large, an integer overflow followed by a buffer overflow occurs."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "Integer Overflow to Buffer Overflow in Services."
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "https://source.android.com/security/bulletin/2018-04-01",
            "refsource" : "CONFIRM",
            "url" : "https://source.android.com/security/bulletin/2018-04-01"
         },
         {
            "name" : "103671",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/103671"
         }
      ]
   }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
			`"CVE_data_meta" : {`
- Added submission from Qualcomm for closed-source components 2014-2016 cumulative update in Android Security Bulletin - April 2018 from 2018-04-02. 2018-04-18 08:13:54 -04:00			`"ASSIGNER" : "product-security@qualcomm.com",`
			`"DATE_PUBLIC" : "2018-04-02T00:00:00",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"ID" : "CVE-2015-9148",`
- Added submission from Qualcomm for closed-source components 2014-2016 cumulative update in Android Security Bulletin - April 2018 from 2018-04-02. 2018-04-18 08:13:54 -04:00			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "Snapdragon Automobile, Snapdragon Mobile",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, SD 400, SD 425, SD 430, SD 450, SD 600, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDX20"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "Qualcomm, Inc."`
			`}`
			`]`
			`}`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
- Synchronized data. 2018-04-18 10:02:39 -04:00			"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, SD 400, SD 425, SD 430, SD 450, SD 600, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, in the Diag User-PD command registration function, a length variable used during buffer allocation is not checked, so if it is very large, an integer overflow followed by a buffer overflow occurs."
- Added submission from Qualcomm for closed-source components 2014-2016 cumulative update in Android Security Bulletin - April 2018 from 2018-04-02. 2018-04-18 08:13:54 -04:00			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Integer Overflow to Buffer Overflow in Services."`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Synchronized data. 2018-04-18 10:02:39 -04:00			`"name" : "https://source.android.com/security/bulletin/2018-04-01",`
			`"refsource" : "CONFIRM",`
- Added submission from Qualcomm for closed-source components 2014-2016 cumulative update in Android Security Bulletin - April 2018 from 2018-04-02. 2018-04-18 08:13:54 -04:00			`"url" : "https://source.android.com/security/bulletin/2018-04-01"`
- Synchronized data. 2018-04-19 06:04:42 -04:00			`},`
			`{`
			`"name" : "103671",`
			`"refsource" : "BID",`
			`"url" : "http://www.securityfocus.com/bid/103671"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
			`]`
			`}`
			`}`