Vulnerabilities > CVE-2014-10044 - Improper Validation of Array Index vulnerability in Qualcomm products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

qualcomm

CWE-129

NVD

Published: 2018-04-18

Updated: 2018-05-09

Summary

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 617, SD 800, and SD 820, in the time daemon, unauthorized users can potentially modify system time and cause an array index to be out-of-bound.

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Mdm9615 Firmware - Qualcomm Mdm9625 Firmware - Qualcomm Mdm9635M Firmware - Qualcomm SD 210 Firmware - Qualcomm SD 212 Firmware - Qualcomm SD 205 Firmware - Qualcomm SD 400 Firmware - Qualcomm SD 617 Firmware - Qualcomm SD 800 Firmware - Qualcomm SD 820 Firmware -	10
Hardware	Qualcomm Qualcomm Mdm9615 - Qualcomm Mdm9625 - Qualcomm Mdm9635M - Qualcomm SD 210 - Qualcomm SD 212 - Qualcomm SD 205 - Qualcomm SD 400 - Qualcomm SD 617 - Qualcomm SD 800 - Qualcomm SD 820 -	10

Common Weakness Enumeration (CWE)

CWE-129 - Improper Validation of Array Index

Common Attack Pattern Enumeration and Classification (CAPEC)

Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References