8.8

CVE-2020-11154

u'Buffer overflow while processing a crafted PDU data packet in bluetooth due to lack of check of buffer size before copying' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55

Data is provided by the National Vulnerability Database (NVD)
QualcommApq8009 Firmware Version-
   QualcommApq8009 Version-
QualcommApq8053 Firmware Version-
   QualcommApq8053 Version-
QualcommQca6390 Firmware Version-
   QualcommQca6390 Version-
QualcommQcn7605 Firmware Version-
   QualcommQcn7605 Version-
QualcommQcn7606 Firmware Version-
   QualcommQcn7606 Version-
QualcommSa415m Firmware Version-
   QualcommSa415m Version-
QualcommSa515m Firmware Version-
   QualcommSa515m Version-
QualcommSa6155p Firmware Version-
   QualcommSa6155p Version-
QualcommSa8155p Firmware Version-
   QualcommSa8155p Version-
QualcommSc8180x Firmware Version-
   QualcommSc8180x Version-
QualcommSdx55 Firmware Version-
   QualcommSdx55 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.19% 0.407
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 8.3 6.5 10
AV:A/AC:L/Au:N/C:C/I:C/A:C
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.