{"api_version":"1","generated_at":"2026-05-17T01:18:02+00:00","cve":"CVE-2018-11905","urls":{"html":"https://cve.report/CVE-2018-11905","api":"https://cve.report/api/cve/CVE-2018-11905.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-11905","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-11905"},"summary":{"title":"CVE-2018-11905","description":"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in WLAN function due to lack of input validation in values received from firmware.","state":"PUBLIC","assigner":"product-security@qualcomm.com","published_at":"2018-12-07 14:29:00","updated_at":"2019-01-02 18:30:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"https://source.android.com/security/bulletin/2018-11-01#qualcomm-components","name":"https://source.android.com/security/bulletin/2018-11-01#qualcomm-components","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Android Security Bulletin—November 2018  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/105872","name":"105872","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Google Android Qualcomm Components Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-11905","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11905","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"11905","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"11905","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"product-security@qualcomm.com","ID":"CVE-2018-11905","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Android for MSM, Firefox OS for MSM, QRD Android","version":{"version_data":[{"version_value":"All Android releases from CAF using the Linux kernel"}]}}]},"vendor_name":"Qualcomm, Inc."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in WLAN function due to lack of input validation in values received from firmware."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Buffer Copy Without Checking Size of Input in WLAN"}]}]},"references":{"reference_data":[{"name":"https://source.android.com/security/bulletin/2018-11-01#qualcomm-components","refsource":"CONFIRM","url":"https://source.android.com/security/bulletin/2018-11-01#qualcomm-components"},{"name":"105872","refsource":"BID","url":"http://www.securityfocus.com/bid/105872"}]}},"nvd":{"publishedDate":"2018-12-07 14:29:00","lastModifiedDate":"2019-01-02 18:30:00","problem_types":["CWE-119"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"11905","Ordinal":"128417","Title":"CVE-2018-11905","CVE":"CVE-2018-11905","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"11905","Ordinal":"1","NoteData":"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in WLAN function due to lack of input validation in values received from firmware.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"11905","Ordinal":"2","NoteData":"2018-12-07","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"11905","Ordinal":"3","NoteData":"2018-12-08","Type":"Other","Title":"Modified"}]}}}