CVE-2020-3654

EPSS 0.36%
Published 02.11.2020 07:15:14
Last modified 21.11.2024 05:31:30
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Agatti Firmware Version-

Qualcomm ≫ Agatti Version-

Qualcomm ≫ Apq8053 Firmware Version-

Qualcomm ≫ Apq8053 Version-

Qualcomm ≫ Apq8096au Firmware Version-

Qualcomm ≫ Apq8096au Version-

Qualcomm ≫ Apq8098 Firmware Version-

Qualcomm ≫ Apq8098 Version-

Qualcomm ≫ Bitra Firmware Version-

Qualcomm ≫ Bitra Version-

Qualcomm ≫ Kamorta Firmware Version-

Qualcomm ≫ Kamorta Version-

Qualcomm ≫ Msm8905 Firmware Version-

Qualcomm ≫ Msm8905 Version-

Qualcomm ≫ Msm8909w Firmware Version-

Qualcomm ≫ Msm8909w Version-

Qualcomm ≫ Msm8917 Firmware Version-

Qualcomm ≫ Msm8917 Version-

Qualcomm ≫ Msm8940 Firmware Version-

Qualcomm ≫ Msm8940 Version-

Qualcomm ≫ Msm8953 Firmware Version-

Qualcomm ≫ Msm8953 Version-

Qualcomm ≫ Msm8996au Firmware Version-

Qualcomm ≫ Msm8996au Version-

Qualcomm ≫ Msm8998 Firmware Version-

Qualcomm ≫ Msm8998 Version-

Qualcomm ≫ Nicobar Firmware Version-

Qualcomm ≫ Nicobar Version-

Qualcomm ≫ Qca6390 Firmware Version-

Qualcomm ≫ Qca6390 Version-

Qualcomm ≫ Qca6574au Firmware Version-

Qualcomm ≫ Qca6574au Version-

Qualcomm ≫ Qcm2150 Firmware Version-

Qualcomm ≫ Qcm2150 Version-

Qualcomm ≫ Qcs605 Firmware Version-

Qualcomm ≫ Qcs605 Version-

Qualcomm ≫ Qm215 Firmware Version-

Qualcomm ≫ Qm215 Version-

Qualcomm ≫ Rennell Firmware Version-

Qualcomm ≫ Rennell Version-

Qualcomm ≫ Sa6155p Firmware Version-

Qualcomm ≫ Sa6155p Version-

Qualcomm ≫ Sa8155p Firmware Version-

Qualcomm ≫ Sa8155p Version-

Qualcomm ≫ Saipan Firmware Version-

Qualcomm ≫ Saipan Version-

Qualcomm ≫ Sda660 Firmware Version-

Qualcomm ≫ Sda660 Version-

Qualcomm ≫ Sdm429 Firmware Version-

Qualcomm ≫ Sdm429 Version-

Qualcomm ≫ Sdm429w Firmware Version-

Qualcomm ≫ Sdm429w Version-

Qualcomm ≫ Sdm439 Firmware Version-

Qualcomm ≫ Sdm439 Version-

Qualcomm ≫ Sdm450 Firmware Version-

Qualcomm ≫ Sdm450 Version-

Qualcomm ≫ Sdm630 Firmware Version-

Qualcomm ≫ Sdm630 Version-

Qualcomm ≫ Sdm632 Firmware Version-

Qualcomm ≫ Sdm632 Version-

Qualcomm ≫ Sdm636 Firmware Version-

Qualcomm ≫ Sdm636 Version-

Qualcomm ≫ Sdm660 Firmware Version-

Qualcomm ≫ Sdm660 Version-

Qualcomm ≫ Sdm670 Firmware Version-

Qualcomm ≫ Sdm670 Version-

Qualcomm ≫ Sdm710 Firmware Version-

Qualcomm ≫ Sdm710 Version-

Qualcomm ≫ Sdm845 Firmware Version-

Qualcomm ≫ Sdm845 Version-

Qualcomm ≫ Sm6150 Firmware Version-

Qualcomm ≫ Sm6150 Version-

Qualcomm ≫ Sm7150 Firmware Version-

Qualcomm ≫ Sm7150 Version-

Qualcomm ≫ Sm8150 Firmware Version-

Qualcomm ≫ Sm8150 Version-

Qualcomm ≫ Sm8250 Firmware Version-

Qualcomm ≫ Sm8250 Version-

Qualcomm ≫ Sxr1130 Firmware Version-

Qualcomm ≫ Sxr1130 Version-

Qualcomm ≫ Sxr2130 Firmware Version-

Qualcomm ≫ Sxr2130 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.36%	0.549

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin

Broken Link

https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3654

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3654

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3654

EUVD