Details of VAR-202009-1323

ID

VAR-202009-1323

CVE

CVE-2020-3624

TITLE

plural Snapdragon Integer overflow vulnerability in product

Trust: 0.8

sources: JVNDB: JVNDB-2020-010702

DESCRIPTION

u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCN7605, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130. plural Snapdragon The product is vulnerable to integer overflow.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-3624 // JVNDB: JVNDB-2020-010702

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa415m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9207c	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8953	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8096au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8937	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa515m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9635m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	saipan	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	nicobar	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	kamorta	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sc8180x	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8998	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9655	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sc7180	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8098	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn7605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8917	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8017	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8920	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8940	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qm215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm2150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8905	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9645	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr1130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	rennell	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7150	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	apq8009	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8017	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8053	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8096au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8098	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	kamorta	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9150	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9205	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9207c	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-010702 // NVD: CVE-2020-3624

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3624
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-3624
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202008-023
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-3624
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-3624
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-3624
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-010702 // CNNVD: CNNVD-202008-023 // NVD: CVE-2020-3624

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.0
problemtype:	Integer overflow or wraparound (CWE-190) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-010702 // NVD: CVE-2020-3624

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202008-023

PATCH

title:	August 2020 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin	Trust: 0.8
title:	Multiple Qualcomm Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125360	Trust: 0.6

sources: JVNDB: JVNDB-2020-010702 // CNNVD: CNNVD-202008-023

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3624	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-010702	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.2661	Trust: 0.6
db:	CNNVD	id:	CNNVD-202008-023	Trust: 0.6

sources: JVNDB: JVNDB-2020-010702 // CNNVD: CNNVD-202008-023 // NVD: CVE-2020-3624

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin	Trust: 1.6
url:	https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3624	Trust: 0.8
url:	https://source.android.com/security/bulletin/2020-08-01	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-august-2020-32996	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2661/	Trust: 0.6

sources: JVNDB: JVNDB-2020-010702 // CNNVD: CNNVD-202008-023 // NVD: CVE-2020-3624

SOURCES

db:	JVNDB	id:	JVNDB-2020-010702
db:	CNNVD	id:	CNNVD-202008-023
db:	NVD	id:	CVE-2020-3624

LAST UPDATE DATE

2024-08-14T12:52:29.913000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-010702	date:	2021-02-01T08:35:00
db:	CNNVD	id:	CNNVD-202008-023	date:	2020-08-05T00:00:00
db:	NVD	id:	CVE-2020-3624	date:	2020-09-10T13:22:35.710

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-010702	date:	2021-02-01T00:00:00
db:	CNNVD	id:	CNNVD-202008-023	date:	2020-08-03T00:00:00
db:	NVD	id:	CVE-2020-3624	date:	2020-09-08T10:15:15.263