6.6

CVE-2024-23366

Buffer Over-read in Automotive Autonomy

Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QualcommQam8255p Firmware Version-
   QualcommQam8255p Version-
QualcommQam8295p Firmware Version-
   QualcommQam8295p Version-
QualcommQam8650p Firmware Version-
   QualcommQam8650p Version-
QualcommQam8775p Firmware Version-
   QualcommQam8775p Version-
QualcommQamsrv1h Firmware Version-
   QualcommQamsrv1h Version-
QualcommQca6595 Firmware Version-
   QualcommQca6595 Version-
QualcommQca6595au Firmware Version-
   QualcommQca6595au Version-
QualcommQca6696 Firmware Version-
   QualcommQca6696 Version-
QualcommQca6698aq Firmware Version-
   QualcommQca6698aq Version-
QualcommSa8255p Firmware Version-
   QualcommSa8255p Version-
QualcommSa8295p Firmware Version-
   QualcommSa8295p Version-
QualcommSa8540p Firmware Version-
   QualcommSa8540p Version-
QualcommSa8650p Firmware Version-
   QualcommSa8650p Version-
QualcommSa8770p Firmware Version-
   QualcommSa8770p Version-
QualcommSa8775p Firmware Version-
   QualcommSa8775p Version-
QualcommSa9000p Firmware Version-
   QualcommSa9000p Version-
QualcommSrv1h Firmware Version-
   QualcommSrv1h Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.07% 0.221
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
product-security@qualcomm.com 6.6 1.8 4.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-126 Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.