CVE-2014-9995

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, in drmprov_cmd_verify_key(), the variable feature_name_length is not validated. There is a check for feature_name_len + filePathLen but there might be an integer wrap when checking feature_name_len + filePathLen. This leads to a buffer overflow.
References
Link Resource
https://source.android.com/security/bulletin/2018-04-01 Vendor Advisory
http://www.securityfocus.com/bid/103671 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*

Information

Published : 2018-04-18 07:29

Updated : 2018-05-09 10:16


NVD link : CVE-2014-9995

Mitre link : CVE-2014-9995


JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa

Products Affected

qualcomm

  • sd_800
  • sd_400_firmware
  • sd_800_firmware
  • sd_400