Lucene search

QualcommCVELIST:CVE-2023-33025

HistoryJan 02, 2024 - 5:38 a.m.

CVE-2023-33025 Buffer Copy without Checking Size of Input in Data Modem

2024-01-0205:38:25

CWE-120

qualcomm

www.cve.org

cve-2023-33025

buffer copy

data modem

memory corruption

sdp body

volte call

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.3%

JSON

Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Snapdragon Industrial IOT",
      "Snapdragon Mobile"
    ],
    "product": "Snapdragon",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "AR8035"
      },
      {
        "status": "affected",
        "version": "FastConnect 6700"
      },
      {
        "status": "affected",
        "version": "FastConnect 6900"
      },
      {
        "status": "affected",
        "version": "QCA8081"
      },
      {
        "status": "affected",
        "version": "QCA8337"
      },
      {
        "status": "affected",
        "version": "QCM4490"
      },
      {
        "status": "affected",
        "version": "QCN6024"
      },
      {
        "status": "affected",
        "version": "QCN9024"
      },
      {
        "status": "affected",
        "version": "QCS4490"
      },
      {
        "status": "affected",
        "version": "SM4450"
      },
      {
        "status": "affected",
        "version": "Snapdragon 680 4G Mobile Platform"
      },
      {
        "status": "affected",
        "version": "Snapdragon 685 4G Mobile Platform (SM6225-AD)"
      },
      {
        "status": "affected",
        "version": "Snapdragon X65 5G Modem-RF System"
      },
      {
        "status": "affected",
        "version": "Snapdragon X70 Modem-RF System"
      },
      {
        "status": "affected",
        "version": "WCD9370"
      },
      {
        "status": "affected",
        "version": "WCD9375"
      },
      {
        "status": "affected",
        "version": "WCD9380"
      },
      {
        "status": "affected",
        "version": "WCN3950"
      },
      {
        "status": "affected",
        "version": "WCN3988"
      },
      {
        "status": "affected",
        "version": "WSA8810"
      },
      {
        "status": "affected",
        "version": "WSA8815"
      },
      {
        "status": "affected",
        "version": "WSA8830"
      },
      {
        "status": "affected",
        "version": "WSA8832"
      },
      {
        "status": "affected",
        "version": "WSA8835"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.3%

JSON

Related for CVELIST:CVE-2023-33025