CVE-2018-5877: Buffer Overflow
First published: Mon Nov 05 2018(Updated: )
In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Qualcomm MDM9206 | ||
| Qualcomm MDM9206 firmware | ||
| Qualcomm MD9607 Firmware | ||
| Qualcomm MDM9607 firmware | ||
| qualcomm mdm9640 firmware | ||
| Qualcomm MDM9640 | ||
| Qualcomm MDM9650 | ||
| Qualcomm MDM9650 firmware | ||
| Qualcomm MDM9655 firmware | ||
| Qualcomm MDM9655 firmware | ||
| Qualcomm MSM8909W | ||
| Qualcomm Snapdragon 8909 | ||
| qualcomm MSM8996AU firmware | ||
| Qualcomm MSM8996AU Firmware | ||
| Qualcomm SD 210 Firmware | ||
| Qualcomm SD 210 | ||
| Qualcomm SD 212 Firmware | ||
| Qualcomm SD 212 Firmware | ||
| Qualcomm SD 205 Firmware | ||
| Qualcomm SD 205 | ||
| Qualcomm SD 600 Firmware | ||
| Qualcomm Snapdragon 600 | ||
| Qualcomm SD820 Firmware | ||
| Qualcomm Snapdragon 820 | ||
| Qualcomm SD820A Firmware | ||
| Qualcomm SD820A Firmware | ||
| Qualcomm SD 835 Firmware | ||
| Qualcomm Snapdragon 835 | ||
| Qualcomm SDA660 | ||
| Qualcomm SDA660 | ||
| Qualcomm SDX20 Firmware | ||
| Qualcomm SDX20 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-5877?
CVE-2018-5877 is a vulnerability in the device programmer target-side code for firehose, which can lead to an incorrect buffer size.
Which products are affected by CVE-2018-5877?
CVE-2018-5877 affects Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear devices in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210, SD 212, and SD 205.
What is the severity of CVE-2018-5877?
The severity of CVE-2018-5877 is high with a severity value of 7.8.
How can I fix CVE-2018-5877?
To fix CVE-2018-5877, it is recommended to apply the necessary patches and updates provided by Qualcomm and Google.
Where can I find more information about CVE-2018-5877?
More information about CVE-2018-5877 can be found at the following references: [link1], [link2], [link3].
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/event
- agent/source
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/google
- canonical/android
- vendor/qualcomm
- canonical/qualcomm mdm9206
- canonical/qualcomm mdm9206 firmware
- canonical/qualcomm md9607 firmware
- canonical/qualcomm mdm9607 firmware
- canonical/qualcomm mdm9640 firmware
- canonical/qualcomm mdm9640
- canonical/qualcomm mdm9650
- canonical/qualcomm mdm9650 firmware
- canonical/qualcomm mdm9655 firmware
- canonical/qualcomm msm8909w
- canonical/qualcomm snapdragon 8909
- canonical/qualcomm msm8996au firmware
- canonical/qualcomm sd 210 firmware
- canonical/qualcomm sd 210
- canonical/qualcomm sd 212 firmware
- canonical/qualcomm sd 205 firmware
- canonical/qualcomm sd 205
- canonical/qualcomm sd 600 firmware
- canonical/qualcomm snapdragon 600
- canonical/qualcomm sd820 firmware
- canonical/qualcomm snapdragon 820
- canonical/qualcomm sd820a firmware
- canonical/qualcomm sd 835 firmware
- canonical/qualcomm snapdragon 835
- canonical/qualcomm sda660
- canonical/qualcomm sdx20 firmware