Lucene search

[email protected]NVD:CVE-2020-3678

HistoryNov 02, 2020 - 7:15 a.m.

CVE-2020-3678

2020-11-0207:15:14

CWE-120

[email protected]

web.nvd.nist.gov

buffer overflow

snapdragon

processors

vulnerability

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

u’A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size a param’ in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Agatti, Kamorta, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SXR1130

Affected configurations

Nvd

Node

qualcommagatti_firmwareMatch-

AND

qualcommagattiMatch-

Node

qualcommkamorta_firmwareMatch-

AND

qualcommkamortaMatch-

Node

qualcommqcs404_firmwareMatch-

AND

qualcommqcs404Match-

Node

qualcommqcs605_firmwareMatch-

AND

qualcommqcs605Match-

Node

qualcommsda845_firmwareMatch-

AND

qualcommsda845Match-

Node

qualcommsdm670_firmwareMatch-

AND

qualcommsdm670Match-

Node

qualcommsdm710_firmwareMatch-

AND

qualcommsdm710Match-

Node

qualcommsdm845_firmwareMatch-

AND

qualcommsdm845Match-

Node

qualcommsxr1130_firmwareMatch-

AND

qualcommsxr1130Match-

VendorProductVersionCPE
qualcommagatti_firmware-cpe:2.3:o:qualcomm:agatti_firmware:-:*:*:*:*:*:*:*
qualcommagatti-cpe:2.3:h:qualcomm:agatti:-:*:*:*:*:*:*:*
qualcommkamorta_firmware-cpe:2.3:o:qualcomm:kamorta_firmware:-:*:*:*:*:*:*:*
qualcommkamorta-cpe:2.3:h:qualcomm:kamorta:-:*:*:*:*:*:*:*
qualcommqcs404_firmware-cpe:2.3:o:qualcomm:qcs404_firmware:-:*:*:*:*:*:*:*
qualcommqcs404-cpe:2.3:h:qualcomm:qcs404:-:*:*:*:*:*:*:*
qualcommqcs605_firmware-cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
qualcommqcs605-cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*
qualcommsda845_firmware-cpe:2.3:o:qualcomm:sda845_firmware:-:*:*:*:*:*:*:*
qualcommsda845-cpe:2.3:h:qualcomm:sda845:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	agatti_firmware	-	cpe:2.3:o:qualcomm:agatti_firmware:-:::::::*
qualcomm	agatti	-	cpe:2.3:h:qualcomm:agatti:-:::::::*
qualcomm	kamorta_firmware	-	cpe:2.3:o:qualcomm:kamorta_firmware:-:::::::*
qualcomm	kamorta	-	cpe:2.3:h:qualcomm:kamorta:-:::::::*
qualcomm	qcs404_firmware	-	cpe:2.3:o:qualcomm:qcs404_firmware:-:::::::*
qualcomm	qcs404	-	cpe:2.3:h:qualcomm:qcs404:-:::::::*
qualcomm	qcs605_firmware	-	cpe:2.3:o:qualcomm:qcs605_firmware:-:::::::*
qualcomm	qcs605	-	cpe:2.3:h:qualcomm:qcs605:-:::::::*
qualcomm	sda845_firmware	-	cpe:2.3:o:qualcomm:sda845_firmware:-:::::::*
qualcomm	sda845	-	cpe:2.3:h:qualcomm:sda845:-:::::::*

Rows per page:

1-10 of 181

References

www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin

www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2020-3678

cve1 cvelist1 prion1