CVE-2022-33211

EPSS 0.12%
Published 13.04.2023 07:15:13
Last modified 21.11.2024 07:07:43
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

memory corruption in modem due to improper check while calculating size of serialized CoAP message

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Mdm8207 Firmware Version-

Qualcomm ≫ Mdm8207 Version-

Qualcomm ≫ Mdm9205 Firmware Version-

Qualcomm ≫ Mdm9205 Version-

Qualcomm ≫ Mdm9206 Firmware Version-

Qualcomm ≫ Mdm9206 Version-

Qualcomm ≫ Mdm9207 Firmware Version-

Qualcomm ≫ Mdm9207 Version-

Qualcomm ≫ Qca4004 Firmware Version-

Qualcomm ≫ Qca4004 Version-

Qualcomm ≫ Qts110 Firmware Version-

Qualcomm ≫ Qts110 Version-

Qualcomm ≫ Snapdragon Wear 1100 Firmware Version-

Qualcomm ≫ Snapdragon Wear 1100 Version-

Qualcomm ≫ Snapdragon Wear 1200 Firmware Version-

Qualcomm ≫ Snapdragon Wear 1200 Version-

Qualcomm ≫ Snapdragon Wear 1300 Firmware Version-

Qualcomm ≫ Snapdragon Wear 1300 Version-

Qualcomm ≫ Snapdragon X5 Lte Modem Firmware Version-

Qualcomm ≫ Snapdragon X5 Lte Modem Version-

Qualcomm ≫ Wcd9306 Firmware Version-

Qualcomm ≫ Wcd9306 Version-

Qualcomm ≫ Wcd9330 Firmware Version-

Qualcomm ≫ Wcd9330 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.281

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
product-security@qualcomm.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-33211

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-33211

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-33211

EUVD