ID

VAR-202011-0219


CVE

CVE-2020-11193


TITLE

plural  Qualcomm  Out-of-bounds read vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-013204

DESCRIPTION

u'Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned from atomsize' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA429W, SDA640, SDA660, SDA670, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330. plural Qualcomm The product contains an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-11193 // JVNDB: JVNDB-2020-013204

AFFECTED PRODUCTS

vendor:qualcommmodel:qcs603scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8937scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7250pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qsm8350scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs410scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm4250pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6250pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs610scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8917scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm4290scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7225scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8350scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096sgscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx50mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm4125scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdw2500scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6115pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6350scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8037scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs4290scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr2130pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6115scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm455scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm4250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6145pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7125scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996sgscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm6125scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9330scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr2130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8350pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs6125scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm830scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8017scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8920scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8940scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8905scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6125scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8064auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1120scope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:apq8098scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8064auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8009scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8017scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8053scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8096auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8037scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8096scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8009wscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-013204 // NVD: CVE-2020-11193

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-11193
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-11193
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202011-153
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-11193
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-11193
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-11193
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-013204 // CNNVD: CNNVD-202011-153 // NVD: CVE-2020-11193

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

problemtype:Out-of-bounds read (CWE-125) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-013204 // NVD: CVE-2020-11193

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-153

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202011-153

PATCH

title:November 2020 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/november-2020-security-bulletin

Trust: 0.8

title:Qualcomm Video Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134475

Trust: 0.6

sources: JVNDB: JVNDB-2020-013204 // CNNVD: CNNVD-202011-153

EXTERNAL IDS

db:NVDid:CVE-2020-11193

Trust: 2.4

db:JVNDBid:JVNDB-2020-013204

Trust: 0.8

db:CNNVDid:CNNVD-202011-153

Trust: 0.6

sources: JVNDB: JVNDB-2020-013204 // CNNVD: CNNVD-202011-153 // NVD: CVE-2020-11193

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-11193

Trust: 1.4

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-november-2020-33773

Trust: 0.6

url:https://www.qualcomm.com/company/product-security/bulletins/november-2020-security-bulletin

Trust: 0.6

sources: JVNDB: JVNDB-2020-013204 // CNNVD: CNNVD-202011-153 // NVD: CVE-2020-11193

SOURCES

db:JVNDBid:JVNDB-2020-013204
db:CNNVDid:CNNVD-202011-153
db:NVDid:CVE-2020-11193

LAST UPDATE DATE

2024-08-14T14:25:36.217000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-013204date:2021-06-21T09:03:00
db:CNNVDid:CNNVD-202011-153date:2020-11-24T00:00:00
db:NVDid:CVE-2020-11193date:2020-11-30T18:02:59.630

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-013204date:2021-06-21T00:00:00
db:CNNVDid:CNNVD-202011-153date:2020-11-02T00:00:00
db:NVDid:CVE-2020-11193date:2020-11-12T10:15:12.670