CVE-2020-3648

EPSS 0.04%
Published 08.09.2020 10:15:15
Last modified 21.11.2024 05:31:28
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

u'Possible out of bound write in DSP driver code due to lack of check of data received from user' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Msm8909w Firmware Version-

Qualcomm ≫ Msm8909w Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.097

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

Broken Link

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3648

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3648

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3648

EUVD