1. Home
  2. CVE Database
  3. CVE-2018-13907
MEDIUM · 5.3

CVE-2018-13907

While deserializing any key blob during key operations, buffer overflow could occur, exposing partial key information if any key operations are invoked in Snapdragon Auto, Snapdragon Compute, Snapdrag...

Vulnerability Description

While deserializing any key blob during key operations, buffer overflow could occur, exposing partial key information if any key operations are invoked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
QualcommPq4019 Firmware-
QualcommPq4019-
QualcommIpq8074 Firmware-
QualcommIpq8074-
QualcommMdm9150 Firmware-
QualcommMdm9150-
QualcommMdm9206 Firmware-
QualcommMdm9206-
QualcommMdm9607 Firmware-
QualcommMdm9607-
QualcommMdm9635M Firmware-
QualcommMdm9635M-
QualcommMdm9640 Firmware-
QualcommMdm9640-
QualcommMdm9650 Firmware-
QualcommMdm9650-
QualcommMdm9655 Firmware-
QualcommMdm9655-
QualcommMsm8909W Firmware-
QualcommMsm8909W-

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2018-13907?

CVE-2018-13907 is a vulnerability with a CVSS score of 5.3 (MEDIUM). While deserializing any key blob during key operations, buffer overflow could occur, exposing partial key information if any key operations are invoked in Snapdragon Auto, Snapdragon Compute, Snapdrag...

How severe is CVE-2018-13907?

CVE-2018-13907 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-13907?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Pq4019 Firmware, Qualcomm Pq4019, Qualcomm Ipq8074 Firmware, Qualcomm Ipq8074, Qualcomm Mdm9150 Firmware.