ID

VAR-202301-0628


CVE

CVE-2022-33218


TITLE

plural  Qualcomm  Product input verification vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-004712

DESCRIPTION

Memory corruption in Automotive due to improper input validation. plural Qualcomm The product contains an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-33218 // JVNDB: JVNDB-2022-004712 // VULMON: CVE-2022-33218

AFFECTED PRODUCTS

vendor:qualcommmodel:sa8295pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6145pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6696scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qam8295pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8145pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8540pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa9000pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6584auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8195pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8064auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6595auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6595scope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:qca6574auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8064auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6595scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8096auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6564ascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6574ascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6564auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6584auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qam8295pscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-004712 // NVD: CVE-2022-33218

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-33218
value: HIGH

Trust: 1.0

product-security@qualcomm.com: CVE-2022-33218
value: HIGH

Trust: 1.0

NVD: CVE-2022-33218
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202301-575
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-33218
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

product-security@qualcomm.com: CVE-2022-33218
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-33218
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-004712 // CNNVD: CNNVD-202301-575 // NVD: CVE-2022-33218 // NVD: CVE-2022-33218

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-004712 // NVD: CVE-2022-33218

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202301-575

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202301-575

PATCH

title:January 2023 Security Bulletinurl:https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2023-bulletin.html

Trust: 0.8

title:Qualcomm Chipsets Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=221579

Trust: 0.6

title: - url:https://github.com/Live-Hack-CVE/CVE-2022-33218

Trust: 0.1

sources: VULMON: CVE-2022-33218 // JVNDB: JVNDB-2022-004712 // CNNVD: CNNVD-202301-575

EXTERNAL IDS

db:NVDid:CVE-2022-33218

Trust: 3.3

db:JVNDBid:JVNDB-2022-004712

Trust: 0.8

db:CNNVDid:CNNVD-202301-575

Trust: 0.6

db:VULMONid:CVE-2022-33218

Trust: 0.1

sources: VULMON: CVE-2022-33218 // JVNDB: JVNDB-2022-004712 // CNNVD: CNNVD-202301-575 // NVD: CVE-2022-33218

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-33218

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-33218/

Trust: 0.6

url:https://github.com/live-hack-cve/cve-2022-33218

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-33218 // JVNDB: JVNDB-2022-004712 // CNNVD: CNNVD-202301-575 // NVD: CVE-2022-33218

SOURCES

db:VULMONid:CVE-2022-33218
db:JVNDBid:JVNDB-2022-004712
db:CNNVDid:CNNVD-202301-575
db:NVDid:CVE-2022-33218

LAST UPDATE DATE

2024-08-14T14:37:06.727000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-33218date:2023-01-09T00:00:00
db:JVNDBid:JVNDB-2022-004712date:2023-04-28T08:18:00
db:CNNVDid:CNNVD-202301-575date:2023-01-16T00:00:00
db:NVDid:CVE-2022-33218date:2023-08-08T14:21:49.707

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-33218date:2023-01-09T00:00:00
db:JVNDBid:JVNDB-2022-004712date:2023-04-28T00:00:00
db:CNNVDid:CNNVD-202301-575date:2023-01-09T00:00:00
db:NVDid:CVE-2022-33218date:2023-01-09T08:15:11.807