{"api_version":"1","generated_at":"2026-04-23T04:52:49+00:00","cve":"CVE-2018-11863","urls":{"html":"https://cve.report/CVE-2018-11863","api":"https://cve.report/api/cve/CVE-2018-11863.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-11863","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-11863"},"summary":{"title":"CVE-2018-11863","description":"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from firmware to calculate the length of WMA roam synch buffer can lead to buffer overwrite during memcpy.","state":"PUBLIC","assigner":"product-security@qualcomm.com","published_at":"2018-09-18 18:29:00","updated_at":"2018-11-09 14:22:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin","name":"https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"September 2018 Code Aurora Security Bulletin - Code Aurora","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=33abba90b5c570a8334110ff7e1f696908465fd3","name":"https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=33abba90b5c570a8334110ff7e1f696908465fd3","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"platform/vendor/qcom-opensource/wlan/qcacld-3.0 - Unnamed repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-11863","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11863","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"11863","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"11863","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-11863","qid":"610347","title":"Google Android May 2021 Security Patch Missing for Huawei EMUI"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"product-security@qualcomm.com","ID":"CVE-2018-11863","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Android for MSM, Firefox OS for MSM, QRD Android","version":{"version_data":[{"version_value":"All Android releases from CAF using the Linux kernel"}]}}]},"vendor_name":"Qualcomm, Inc."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from firmware to calculate the length of WMA roam synch buffer can lead to buffer overwrite during memcpy."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Buffer Copy Without Checking Size of Input in WLAN"}]}]},"references":{"reference_data":[{"name":"https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=33abba90b5c570a8334110ff7e1f696908465fd3","refsource":"CONFIRM","url":"https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=33abba90b5c570a8334110ff7e1f696908465fd3"},{"name":"https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin","refsource":"CONFIRM","url":"https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"}]}},"nvd":{"publishedDate":"2018-09-18 18:29:00","lastModifiedDate":"2018-11-09 14:22:00","problem_types":["CWE-119"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"11863","Ordinal":"128375","Title":"CVE-2018-11863","CVE":"CVE-2018-11863","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"11863","Ordinal":"1","NoteData":"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from firmware to calculate the length of WMA roam synch buffer can lead to buffer overwrite during memcpy.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"11863","Ordinal":"2","NoteData":"2018-09-18","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"11863","Ordinal":"3","NoteData":"2018-09-19","Type":"Other","Title":"Modified"}]}}}