Lucene search

[email protected]CVE-2022-25708

HistorySep 16, 2022 - 6:15 a.m.

CVE-2022-25708

2022-09-1606:15:11

CWE-120

[email protected]

web.nvd.nist.gov

cve-2022-25708

memory corruption

wlan

buffer copy

input size

parsing keys

snapdragon connectivity

snapdragon mobile

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.5%

JSON

Memory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon Mobile

Affected configurations

NVD

Node

qualcommsd_8_gen1_5g_firmwareMatch-

AND

qualcommsm8475Match-

Node

qualcommsd888_5g_firmwareMatch-

AND

qualcommsd888_5gMatch-

Node

qualcommsm7450_firmwareMatch-

AND

qualcommsm7450Match-

Node

qualcommwcd9370_firmwareMatch-

AND

qualcommwcd9370Match-

Node

qualcommwcd9375_firmwareMatch-

AND

qualcommwcd9375Match-

Node

qualcommwcd9380_firmwareMatch-

AND

qualcommwcd9380Match-

Node

qualcommwcd9385_firmwareMatch-

AND

qualcommwcd9385Match-

Node

qualcommwcn6750_firmwareMatch-

AND

qualcommwcn6750Match-

Node

qualcommwcn6850_firmwareMatch-

AND

qualcommwcn6850Match-

Node

qualcommwcn6851_firmwareMatch-

AND

qualcommwcn6851Match-

Node

qualcommwcn6855_firmwareMatch-

AND

qualcommwcn6855Match-

Node

qualcommwcn6856_firmwareMatch-

AND

qualcommwcn6856Match-

Node

qualcommwcn7850_firmwareMatch-

AND

qualcommwcn7850Match-

Node

qualcommwcn7851_firmwareMatch-

AND

qualcommwcn7851Match-

Node

qualcommwsa8830_firmwareMatch-

AND

qualcommwsa8830Match-

Node

qualcommwsa8832_firmwareMatch-

AND

qualcommwsa8832Match-

Node

qualcommwsa8835_firmwareMatch-

AND

qualcommwsa8835Match-

CPENameOperatorVersion
qualcomm:sd_8_gen1_5g_firmwarequalcomm sd 8 gen1 5g firmwareeq-

CPE	Name	Operator	Version
qualcomm:sd_8_gen1_5g_firmware	qualcomm sd 8 gen1 5g firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Connectivity, Snapdragon Mobile",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "SD 8 Gen1 5G, SD888 5G, SM7450, WCD9370, WCD9375, WCD9380, WCD9385, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8830, WSA8832, WSA8835"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.5%

JSON

Related for CVE-2022-25708

nvd1 cvelist1 prion1