ID
VAR-202011-0062
CVE
CVE-2020-11131
TITLE
plural Qualcomm Integer overflow vulnerability in product
Trust: 0.8
DESCRIPTION
u'Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9250, MDM9628, MDM9640, MDM9650, MSM8996AU, QCS405, SDA845, SDX20, SDX20M, WCD9330. plural Qualcomm The product is vulnerable to integer overflow.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | apq8053 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sda845 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | apq8096au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8996au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | wcd9330 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9640 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | apq8009 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcs405 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdx20 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9250 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdx20m | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9628 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | クアルコム | model: | qcs405 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | クアルコム | model: | mdm9650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | クアルコム | model: | apq8009 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | クアルコム | model: | apq8053 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | クアルコム | model: | apq8096au | scope: | - | version: | - | Trust: 0.8 |
| vendor: | クアルコム | model: | mdm9640 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | クアルコム | model: | sda845 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | クアルコム | model: | sdx20 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | クアルコム | model: | mdm9206 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | クアルコム | model: | msm8996au | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-190 | Trust: 1.0 |
| problemtype: | Integer overflow or wraparound (CWE-190) [NVD Evaluation ] | Trust: 0.8 |
THREAT TYPE
local
Trust: 0.6
TYPE
input validation error
Trust: 0.6
PATCH
| title: | November 2020 Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins/november-2020-security-bulletin | Trust: 0.8 |
| title: | Qualcomm wma Enter the fix for the verification error vulnerability | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134467 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-11131 | Trust: 2.4 |
| db: | JVNDB | id: | JVNDB-2020-013197 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202011-135 | Trust: 0.6 |
REFERENCES
| url: | https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-11131 | Trust: 1.4 |
| url: | https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-november-2020-33773 | Trust: 0.6 |
| url: | https://www.qualcomm.com/company/product-security/bulletins/november-2020-security-bulletin | Trust: 0.6 |
SOURCES
| db: | JVNDB | id: | JVNDB-2020-013197 |
| db: | CNNVD | id: | CNNVD-202011-135 |
| db: | NVD | id: | CVE-2020-11131 |
LAST UPDATE DATE
2024-11-23T22:05:24.048000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2020-013197 | date: | 2021-06-21T09:03:00 |
| db: | CNNVD | id: | CNNVD-202011-135 | date: | 2021-07-12T00:00:00 |
| db: | NVD | id: | CVE-2020-11131 | date: | 2024-11-21T04:56:53.467 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2020-013197 | date: | 2021-06-21T00:00:00 |
| db: | CNNVD | id: | CNNVD-202011-135 | date: | 2020-11-02T00:00:00 |
| db: | NVD | id: | CVE-2020-11131 | date: | 2020-11-12T10:15:12.250 |