CVE-2022-22099

EPSS 0.05%
Published 02.09.2022 12:15:09
Last modified 21.11.2024 06:46:10
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Sa8540p Firmware Version-

Qualcomm ≫ Sa8540p Version-

Qualcomm ≫ Sa9000p Firmware Version-

Qualcomm ≫ Sa9000p Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.15

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
product-security@qualcomm.com	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-22099

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22099

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22099

EUVD