ID

VAR-202011-1306


CVE

CVE-2020-3673


TITLE

plural  Qualcomm  Product index validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-012908

DESCRIPTION

u'Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check to validate the index length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Qualcomm The product contains a vulnerability in array index validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-3673 // JVNDB: JVNDB-2020-012908 // VULMON: CVE-2020-3673

AFFECTED PRODUCTS

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr2130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:agattiscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:saipanscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:nicobarscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:kamortascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8917scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8940scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm2150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8905scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6390scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:bitrascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:rennellscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:bitrascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8905scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:agattiscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8940scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8053scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8096auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8917scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8098scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:kamortascope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012908 // NVD: CVE-2020-3673

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3673
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-3673
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202010-298
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-3673
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-3673
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-3673
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-012908 // CNNVD: CNNVD-202010-298 // NVD: CVE-2020-3673

PROBLEMTYPE DATA

problemtype:CWE-129

Trust: 1.0

problemtype:Improper validation of array indexes (CWE-129) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012908 // NVD: CVE-2020-3673

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-298

PATCH

title:October 2020 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

Trust: 0.8

title:Google Android Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129597

Trust: 0.6

title:Threatposturl:https://threatpost.com/google-android-system-flaws/159948/

Trust: 0.1

sources: VULMON: CVE-2020-3673 // JVNDB: JVNDB-2020-012908 // CNNVD: CNNVD-202010-298

EXTERNAL IDS

db:NVDid:CVE-2020-3673

Trust: 2.5

db:JVNDBid:JVNDB-2020-012908

Trust: 0.8

db:AUSCERTid:ESB-2020.3453

Trust: 0.6

db:CNNVDid:CNNVD-202010-298

Trust: 0.6

db:VULMONid:CVE-2020-3673

Trust: 0.1

sources: VULMON: CVE-2020-3673 // JVNDB: JVNDB-2020-012908 // CNNVD: CNNVD-202010-298 // NVD: CVE-2020-3673

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3673

Trust: 1.4

url:https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

Trust: 1.0

url:https://www.auscert.org.au/bulletins/esb-2020.3453/

Trust: 0.6

url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-october-2020-33491

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/google-android-system-flaws/159948/

Trust: 0.1

sources: VULMON: CVE-2020-3673 // JVNDB: JVNDB-2020-012908 // CNNVD: CNNVD-202010-298 // NVD: CVE-2020-3673

SOURCES

db:VULMONid:CVE-2020-3673
db:JVNDBid:JVNDB-2020-012908
db:CNNVDid:CNNVD-202010-298
db:NVDid:CVE-2020-3673

LAST UPDATE DATE

2024-08-14T12:34:43.287000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-3673date:2020-11-06T00:00:00
db:JVNDBid:JVNDB-2020-012908date:2021-06-15T02:50:00
db:CNNVDid:CNNVD-202010-298date:2020-11-04T00:00:00
db:NVDid:CVE-2020-3673date:2020-11-06T16:58:44.313

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-3673date:2020-11-02T00:00:00
db:JVNDBid:JVNDB-2020-012908date:2021-06-15T00:00:00
db:CNNVDid:CNNVD-202010-298date:2020-10-06T00:00:00
db:NVDid:CVE-2020-3673date:2020-11-02T07:15:14.593