CVE-2019-2300: Buffer Overflow
First published: Mon Mar 02 2020(Updated: )
Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8996, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCA9886, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Google Android | ||
| Qualcomm Apq8009 | ||
| Google Android | ||
| Qualcomm Apq8017 | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Apq8096 Firmware | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Apq8098 | ||
| Qualcomm Ipq8074 Firmware | ||
| Qualcomm Ipq8074 | ||
| Qualcomm Mdm9206 Firmware | ||
| Qualcomm Mdm9206 | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Mdm9607 | ||
| Qualcomm Msm8996 Firmware | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Msm8996au | ||
| Google Android | ||
| Qualcomm MSM8998 | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Qca6574au | ||
| Qualcomm Qca8081 Firmware | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Qca9886 Firmware | ||
| Qualcomm Qca9886 | ||
| Qualcomm Qcs605 Firmware | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sda845 Firmware | ||
| Qualcomm Sda845 | ||
| Qualcomm Sdm630 Firmware | ||
| Qualcomm Sdm630 | ||
| Google Android | ||
| Qualcomm Sdm636 | ||
| Qualcomm Sdm660 Firmware | ||
| Qualcomm Sdm660 | ||
| Qualcomm Sdm670 Firmware | ||
| Qualcomm Sdm670 | ||
| Qualcomm Sdm710 Firmware | ||
| Qualcomm Sdm710 | ||
| Qualcomm Sdm845 Firmware | ||
| Qualcomm Sdm845 | ||
| Qualcomm Sdm850 Firmware | ||
| Qualcomm Sdm850 | ||
| Google Android | ||
| Qualcomm Sm6150 | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sm8150 Firmware | ||
| Qualcomm Sm8150 | ||
| Qualcomm Sxr1130 Firmware | ||
| Qualcomm Sxr1130 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-2300?
CVE-2019-2300 is a vulnerability that could lead to a possible buffer overflow in the WLAN handler due to a lack of validation of the destination buffer size before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile.
Which software products are affected by CVE-2019-2300?
CVE-2019-2300 affects Google Android, Qualcomm Apq8009 Firmware, Qualcomm Apq8017 Firmware, Qualcomm Apq8053, Qualcomm Apq8096 Firmware, Qualcomm Apq8098, Qualcomm Ipq8074 Firmware, Qualcomm Mdm9206 Firmware, Google Android, Qualcomm Mdm9607, Qualcomm Msm8996 Firmware, Qualcomm Msm8996au Firmware, Qualcomm MSM8998, Qualcomm Qca6174a Firmware, Qualcomm Qca6574au, Qualcomm Qca8081 Firmware, Qualcomm Qca9377, Qualcomm Qca9379, Qualcomm Qca9886 Firmware, Qualcomm Qcs605 Firmware, Qualcomm Sda660, Qualcomm Sda845 Firmware, Qualcomm Sdm630 Firmware, Qualcomm Sdm636, Qualcomm Sdm660 Firmware, Qualcomm Sdm670 Firmware, Qualcomm Sdm710 Firmware, Qualcomm Sdm845 Firmware, Qualcomm Sdm850 Firmware, Qualcomm Sm6150, Qualcomm Sm7150, Qualcomm Sm8150 Firmware, Qualcomm Sxr1130 Firmware.
What is the severity of CVE-2019-2300?
CVE-2019-2300 has a severity rating of 9.8 (Critical).
How can CVE-2019-2300 be fixed?
To fix CVE-2019-2300, users should apply the necessary security patches as recommended by the software vendor.
Are there any references for CVE-2019-2300?
Yes, you can find more information about CVE-2019-2300 at the following references: [1] [2] [3].
- collector/android-source
- collector/nvd-index
- vendor/google
- canonical/google android
- vendor/qualcomm
- canonical/qualcomm apq8009
- canonical/qualcomm apq8017
- canonical/qualcomm apq8096 firmware
- canonical/qualcomm apq8098
- canonical/qualcomm ipq8074 firmware
- canonical/qualcomm ipq8074
- canonical/qualcomm mdm9206 firmware
- canonical/qualcomm mdm9206
- canonical/qualcomm mdm9607
- canonical/qualcomm msm8996 firmware
- canonical/qualcomm msm8996au
- canonical/qualcomm msm8998
- canonical/qualcomm qca6574au
- canonical/qualcomm qca8081 firmware
- canonical/qualcomm qca9886 firmware
- canonical/qualcomm qca9886
- canonical/qualcomm qcs605 firmware
- canonical/qualcomm sda845 firmware
- canonical/qualcomm sda845
- canonical/qualcomm sdm630 firmware
- canonical/qualcomm sdm630
- canonical/qualcomm sdm636
- canonical/qualcomm sdm660 firmware
- canonical/qualcomm sdm660
- canonical/qualcomm sdm670 firmware
- canonical/qualcomm sdm670
- canonical/qualcomm sdm710 firmware
- canonical/qualcomm sdm710
- canonical/qualcomm sdm845 firmware
- canonical/qualcomm sdm845
- canonical/qualcomm sdm850 firmware
- canonical/qualcomm sdm850
- canonical/qualcomm sm6150
- canonical/qualcomm sm8150 firmware
- canonical/qualcomm sm8150
- canonical/qualcomm sxr1130 firmware
- canonical/qualcomm sxr1130