cvedb.io
CVE-2017-18127
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-04-11T15:29:00.617 · Last modified 2026-06-17T01:12:14.593

Summary

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, while processing a SetParam command packet in the VR service, the extracted name_len and value_len values are not checked and could potentially cause a buffer overflow in subsequent calls to memcpy().

Affected products

qualcomm — msm8909w_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when qualcomm ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.