9.8

CVE-2020-3703

u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central device(This CVE is equivalent to Link Layer Length Overfow issue (CVE-2019-16336,CVE-2019-17519) and Silent Length Overflow issue(CVE-2019-17518) mentioned in sweyntooth paper)' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8076, AR9344, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8917, MSM8937, MSM8940, MSM8953, Nicobar, QCA6174A, QCA9377, QCM2150, QCM6125, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SC8180X, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130

Data is provided by the National Vulnerability Database (NVD)
QualcommApq8053 Firmware Version-
   QualcommApq8053 Version-
QualcommApq8076 Firmware Version-
   QualcommApq8076 Version-
QualcommAr9344 Firmware Version-
   QualcommAr9344 Version-
QualcommBitra Firmware Version-
   QualcommBitra Version-
QualcommKamorta Firmware Version-
   QualcommKamorta Version-
QualcommMdm9206 Firmware Version-
   QualcommMdm9206 Version-
QualcommMdm9207c Firmware Version-
   QualcommMdm9207c Version-
QualcommMdm9607 Firmware Version-
   QualcommMdm9607 Version-
QualcommMsm8905 Firmware Version-
   QualcommMsm8905 Version-
QualcommMsm8917 Firmware Version-
   QualcommMsm8917 Version-
QualcommMsm8937 Firmware Version-
   QualcommMsm8937 Version-
QualcommMsm8940 Firmware Version-
   QualcommMsm8940 Version-
QualcommMsm8953 Firmware Version-
   QualcommMsm8953 Version-
QualcommNicobar Firmware Version-
   QualcommNicobar Version-
QualcommQca6174a Firmware Version-
   QualcommQca6174a Version-
QualcommQca9377 Firmware Version-
   QualcommQca9377 Version-
QualcommQcm2150 Firmware Version-
   QualcommQcm2150 Version-
QualcommQcm6125 Firmware Version-
   QualcommQcm6125 Version-
QualcommQcs404 Firmware Version-
   QualcommQcs404 Version-
QualcommQcs405 Firmware Version-
   QualcommQcs405 Version-
QualcommQcs605 Firmware Version-
   QualcommQcs605 Version-
QualcommQcs610 Firmware Version-
   QualcommQcs610 Version-
QualcommQm215 Firmware Version-
   QualcommQm215 Version-
QualcommRennell Firmware Version-
   QualcommRennell Version-
QualcommSc8180x Firmware Version-
   QualcommSc8180x Version-
QualcommSdm429 Firmware Version-
   QualcommSdm429 Version-
QualcommSdm439 Firmware Version-
   QualcommSdm439 Version-
QualcommSdm450 Firmware Version-
   QualcommSdm450 Version-
QualcommSdm630 Firmware Version-
   QualcommSdm630 Version-
QualcommSdm632 Firmware Version-
   QualcommSdm632 Version-
QualcommSdm636 Firmware Version-
   QualcommSdm636 Version-
QualcommSdm660 Firmware Version-
   QualcommSdm660 Version-
QualcommSdm670 Firmware Version-
   QualcommSdm670 Version-
QualcommSdm710 Firmware Version-
   QualcommSdm710 Version-
QualcommSdm845 Firmware Version-
   QualcommSdm845 Version-
QualcommSdx20 Firmware Version-
   QualcommSdx20 Version-
QualcommSdx24 Firmware Version-
   QualcommSdx24 Version-
QualcommSm6150 Firmware Version-
   QualcommSm6150 Version-
QualcommSm7150 Firmware Version-
   QualcommSm7150 Version-
QualcommSm8150 Firmware Version-
   QualcommSm8150 Version-
QualcommSxr1130 Firmware Version-
   QualcommSxr1130 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.29% 0.523
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.