Sign-up

ID

VAR-202011-1304


CVE

CVE-2020-3654


TITLE

plural  Qualcomm  Product index validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-012905

DESCRIPTION

u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Qualcomm The product contains a vulnerability in array index validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-3654 // JVNDB: JVNDB-2020-012905 // VULMON: CVE-2020-3654

AFFECTED PRODUCTS

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr2130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:agattiscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:saipanscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:nicobarscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:kamortascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8917scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8940scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm2150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8905scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6390scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:bitrascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:rennellscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:bitrascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8905scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:agattiscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8940scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8053scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8096auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8917scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8098scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:kamortascope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012905 // NVD: CVE-2020-3654

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3654
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-3654
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202010-297
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-3654
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-3654
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-3654
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-012905 // CNNVD: CNNVD-202010-297 // NVD: CVE-2020-3654

PROBLEMTYPE DATA

problemtype:CWE-129

Trust: 1.0

problemtype:Improper validation of array indexes (CWE-129) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012905 // NVD: CVE-2020-3654

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-297

PATCH

title:October 2020 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

Trust: 0.8

title:Google Android Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129596

Trust: 0.6

title:Threatposturl:https://threatpost.com/google-android-system-flaws/159948/

Trust: 0.1

sources: VULMON: CVE-2020-3654 // JVNDB: JVNDB-2020-012905 // CNNVD: CNNVD-202010-297

EXTERNAL IDS

db:NVDid:CVE-2020-3654

Trust: 2.5

db:JVNDBid:JVNDB-2020-012905

Trust: 0.8

db:AUSCERTid:ESB-2020.3453

Trust: 0.6

db:CNNVDid:CNNVD-202010-297

Trust: 0.6

db:VULMONid:CVE-2020-3654

Trust: 0.1

sources: VULMON: CVE-2020-3654 // JVNDB: JVNDB-2020-012905 // CNNVD: CNNVD-202010-297 // NVD: CVE-2020-3654

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3654

Trust: 1.4

url:https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

Trust: 1.0

url:https://www.auscert.org.au/bulletins/esb-2020.3453/

Trust: 0.6

url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-october-2020-33491

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/google-android-system-flaws/159948/

Trust: 0.1

sources: VULMON: CVE-2020-3654 // JVNDB: JVNDB-2020-012905 // CNNVD: CNNVD-202010-297 // NVD: CVE-2020-3654

SOURCES

db:VULMONid:CVE-2020-3654
db:JVNDBid:JVNDB-2020-012905
db:CNNVDid:CNNVD-202010-297
db:NVDid:CVE-2020-3654

LAST UPDATE DATE

2024-08-14T12:19:50.030000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-3654date:2020-11-06T00:00:00
db:JVNDBid:JVNDB-2020-012905date:2021-06-15T02:50:00
db:CNNVDid:CNNVD-202010-297date:2020-11-04T00:00:00
db:NVDid:CVE-2020-3654date:2020-11-06T19:51:48.493

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-3654date:2020-11-02T00:00:00
db:JVNDBid:JVNDB-2020-012905date:2021-06-15T00:00:00
db:CNNVDid:CNNVD-202010-297date:2020-10-06T00:00:00
db:NVDid:CVE-2020-3654date:2020-11-02T07:15:14.387