CVE-2020-3698

EPSS 0.3%
Published 30.07.2020 12:15:12
Last modified 21.11.2024 05:31:35
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

Out of bound write while QoS DSCP mapping due to improper input validation for data received from association response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QM215, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX55, SM8150, SM8250, SXR2130

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Apq8009 Firmware Version-

Qualcomm ≫ Apq8009 Version-

Qualcomm ≫ Apq8017 Firmware Version-

Qualcomm ≫ Apq8017 Version-

Qualcomm ≫ Apq8053 Firmware Version-

Qualcomm ≫ Apq8053 Version-

Qualcomm ≫ Apq8096au Firmware Version-

Qualcomm ≫ Apq8096au Version-

Qualcomm ≫ Apq8098 Firmware Version-

Qualcomm ≫ Apq8098 Version-

Qualcomm ≫ Mdm9150 Firmware Version-

Qualcomm ≫ Mdm9150 Version-

Qualcomm ≫ Mdm9206 Firmware Version-

Qualcomm ≫ Mdm9206 Version-

Qualcomm ≫ Mdm9207c Firmware Version-

Qualcomm ≫ Mdm9207c Version-

Qualcomm ≫ Mdm9607 Firmware Version-

Qualcomm ≫ Mdm9607 Version-

Qualcomm ≫ Mdm9650 Firmware Version-

Qualcomm ≫ Mdm9650 Version-

Qualcomm ≫ Msm8905 Firmware Version-

Qualcomm ≫ Msm8905 Version-

Qualcomm ≫ Msm8909w Firmware Version-

Qualcomm ≫ Msm8909w Version-

Qualcomm ≫ Msm8917 Firmware Version-

Qualcomm ≫ Msm8917 Version-

Qualcomm ≫ Msm8920 Firmware Version-

Qualcomm ≫ Msm8920 Version-

Qualcomm ≫ Msm8937 Firmware Version-

Qualcomm ≫ Msm8937 Version-

Qualcomm ≫ Msm8940 Firmware Version-

Qualcomm ≫ Msm8940 Version-

Qualcomm ≫ Msm8953 Firmware Version-

Qualcomm ≫ Msm8953 Version-

Qualcomm ≫ Msm8996au Firmware Version-

Qualcomm ≫ Msm8996au Version-

Qualcomm ≫ Nicobar Firmware Version-

Qualcomm ≫ Nicobar Version-

Qualcomm ≫ Qca6174a Firmware Version-

Qualcomm ≫ Qca6174a Version-

Qualcomm ≫ Qca6574au Firmware Version-

Qualcomm ≫ Qca6574au Version-

Qualcomm ≫ Qca9377 Firmware Version-

Qualcomm ≫ Qca9377 Version-

Qualcomm ≫ Qca9379 Firmware Version-

Qualcomm ≫ Qca9379 Version-

Qualcomm ≫ Qcm2150 Firmware Version-

Qualcomm ≫ Qcm2150 Version-

Qualcomm ≫ Qcn7605 Firmware Version-

Qualcomm ≫ Qcn7605 Version-

Qualcomm ≫ Qcs405 Firmware Version-

Qualcomm ≫ Qcs405 Version-

Qualcomm ≫ Qcs605 Firmware Version-

Qualcomm ≫ Qcs605 Version-

Qualcomm ≫ Qm215 Firmware Version-

Qualcomm ≫ Qm215 Version-

Qualcomm ≫ Sa6155p Firmware Version-

Qualcomm ≫ Sa6155p Version-

Qualcomm ≫ Saipan Firmware Version-

Qualcomm ≫ Saipan Version-

Qualcomm ≫ Sc8180x Firmware Version-

Qualcomm ≫ Sc8180x Version-

Qualcomm ≫ Sda845 Firmware Version-

Qualcomm ≫ Sda845 Version-

Qualcomm ≫ Sdm429 Firmware Version-

Qualcomm ≫ Sdm429 Version-

Qualcomm ≫ Sdm429w Firmware Version-

Qualcomm ≫ Sdm429w Version-

Qualcomm ≫ Sdm439 Firmware Version-

Qualcomm ≫ Sdm439 Version-

Qualcomm ≫ Sdm450 Firmware Version-

Qualcomm ≫ Sdm450 Version-

Qualcomm ≫ Sdm630 Firmware Version-

Qualcomm ≫ Sdm630 Version-

Qualcomm ≫ Sdm632 Firmware Version-

Qualcomm ≫ Sdm632 Version-

Qualcomm ≫ Sdm636 Firmware Version-

Qualcomm ≫ Sdm636 Version-

Qualcomm ≫ Sdm660 Firmware Version-

Qualcomm ≫ Sdm660 Version-

Qualcomm ≫ Sdm845 Firmware Version-

Qualcomm ≫ Sdm845 Version-

Qualcomm ≫ Sdx20 Firmware Version-

Qualcomm ≫ Sdx20 Version-

Qualcomm ≫ Sdx55 Firmware Version-

Qualcomm ≫ Sdx55 Version-

Qualcomm ≫ Sm8150 Firmware Version-

Qualcomm ≫ Sm8150 Version-

Qualcomm ≫ Sm8250 Firmware Version-

Qualcomm ≫ Sm8250 Version-

Qualcomm ≫ Sxr2130 Firmware Version-

Qualcomm ≫ Sxr2130 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.3%	0.499

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin

Broken Link

https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3698

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3698

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3698

EUVD