Lucene search
QualcommCVELIST:CVE-2023-28543HistorySep 05, 2023 - 6:29 a.m.
CVE-2023-28543 Out of Bounds read in SNPE Library
2023-09-0506:29:28
CWE-125
qualcomm
www.cve.org
5
cve-2023-28543
memory corruption
malformed dlc
untrusted model
remote source
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.001
Percentile
50.6%
A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g. from a remote source).
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Mobile",
"Snapdragon Voice & Music"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD845"
},
{
"status": "affected",
"version": "QCS605"
},
{
"status": "affected",
"version": "QCS405"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2023-09-05 07:15:00
nvd
nvd
CVE-2023-28543
2023-09-05 07:15:13
cve
cve
CVE-2023-28543
2023-09-05 07:15:13
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.001
Percentile
50.6%
Related for CVELIST:CVE-2023-28543