CVE-2018-5877: Buffer Overflow
First published: Mon Nov 05 2018(Updated: )
In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Qualcomm Mdm9206 Firmware | ||
| Qualcomm Mdm9206 | ||
| Google Android | ||
| Qualcomm Mdm9607 | ||
| Qualcomm Mdm9640 Firmware | ||
| Qualcomm Mdm9640 | ||
| Qualcomm Mdm9650 Firmware | ||
| Qualcomm Mdm9650 | ||
| Qualcomm Mdm9655 Firmware | ||
| Qualcomm Mdm9655 | ||
| Qualcomm Msm8909w Firmware | ||
| Qualcomm Msm8909w | ||
| Qualcomm Msm8996au Firmware | ||
| Qualcomm Msm8996au | ||
| Qualcomm Sd 210 Firmware | ||
| Qualcomm Sd 210 | ||
| Qualcomm Sd 212 Firmware | ||
| Qualcomm Sd 212 | ||
| Qualcomm Sd 205 Firmware | ||
| Qualcomm Sd 205 | ||
| Qualcomm Sd 600 Firmware | ||
| Qualcomm Sd 600 | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sd 820a Firmware | ||
| Qualcomm Sd 820a | ||
| Qualcomm Sd 835 Firmware | ||
| Qualcomm Sd 835 | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sdx20 Firmware | ||
| Qualcomm Sdx20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-5877?
CVE-2018-5877 is a vulnerability in the device programmer target-side code for firehose, which can lead to an incorrect buffer size.
Which products are affected by CVE-2018-5877?
CVE-2018-5877 affects Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear devices in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210, SD 212, and SD 205.
What is the severity of CVE-2018-5877?
The severity of CVE-2018-5877 is high with a severity value of 7.8.
How can I fix CVE-2018-5877?
To fix CVE-2018-5877, it is recommended to apply the necessary patches and updates provided by Qualcomm and Google.
Where can I find more information about CVE-2018-5877?
More information about CVE-2018-5877 can be found at the following references: [link1], [link2], [link3].
- agent/references
- agent/type
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/tags
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- vendor/qualcomm
- canonical/qualcomm mdm9206 firmware
- canonical/qualcomm mdm9206
- canonical/google android
- canonical/qualcomm mdm9607
- canonical/qualcomm mdm9640 firmware
- canonical/qualcomm mdm9640
- canonical/qualcomm mdm9650 firmware
- canonical/qualcomm mdm9650
- canonical/qualcomm mdm9655 firmware
- canonical/qualcomm mdm9655
- canonical/qualcomm msm8909w firmware
- canonical/qualcomm msm8909w
- canonical/qualcomm msm8996au firmware
- canonical/qualcomm msm8996au
- canonical/qualcomm sd 210 firmware
- canonical/qualcomm sd 210
- canonical/qualcomm sd 212 firmware
- canonical/qualcomm sd 212
- canonical/qualcomm sd 205 firmware
- canonical/qualcomm sd 205
- canonical/qualcomm sd 600 firmware
- canonical/qualcomm sd 600
- canonical/qualcomm sd 820a firmware
- canonical/qualcomm sd 820a
- canonical/qualcomm sd 835 firmware
- canonical/qualcomm sd 835
- canonical/qualcomm sdx20 firmware
- canonical/qualcomm sdx20
- vendor/google