Qualcomm Snapdragon Auto IPSec Server heap-based overflow

EntryeditHistoryDiffjsonxmlCTI

A vulnerability classified as very critical was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT and Snapdragon Mobile (Chip Software). This vulnerability affects an unknown functionality of the component IPSec Server. Upgrading eliminates this vulnerability.

Field06/09/2021 04:39 PM06/11/2021 03:10 PM06/11/2021 03:15 PM
vendorQualcommQualcommQualcomm
nameSnapdragon Auto/Snapdragon Compute/Snapdragon Connectivity/Snapdragon Consumer IOT/Snapdragon Industrial IOT/Snapdragon IoT/Snapdragon MobileSnapdragon Auto/Snapdragon Compute/Snapdragon Connectivity/Snapdragon Consumer IOT/Snapdragon Industrial IOT/Snapdragon IoT/Snapdragon MobileSnapdragon Auto/Snapdragon Compute/Snapdragon Connectivity/Snapdragon Consumer IOT/Snapdragon Industrial IOT/Snapdragon IoT/Snapdragon Mobile
componentIPSec ServerIPSec ServerIPSec Server
cwe122 (memory corruption)122 (memory corruption)122 (memory corruption)
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cHHH
cvss3_vuldb_iHHH
cvss3_vuldb_aHHH
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
urlhttps://www.qualcomm.com/company/product-security/bulletins/june-2021-bulletinhttps://www.qualcomm.com/company/product-security/bulletins/june-2021-bulletinhttps://www.qualcomm.com/company/product-security/bulletins/june-2021-bulletin
nameUpgradeUpgradeUpgrade
cveCVE-2020-11176CVE-2020-11176CVE-2020-11176
date1623189600 (06/09/2021)1623189600 (06/09/2021)1623189600 (06/09/2021)
typeChip SoftwareChip SoftwareChip Software
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciCCC
cvss2_vuldb_iiCCC
cvss2_vuldb_aiCCC
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore10.010.010.0
cvss2_vuldb_tempscore10.08.78.7
cvss3_vuldb_basescore9.89.89.8
cvss3_vuldb_tempscore9.89.49.4
cvss3_meta_basescore9.89.89.8
cvss3_meta_tempscore9.89.49.4
price_0day$25k-$100k$25k-$100k$25k-$100k
cve_assigned15856056001585605600
cve_nvd_summaryWhile processing server certificate from IPSec server, certificate validation for subject alternative name API can cause heap overflow which can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon MobileWhile processing server certificate from IPSec server, certificate validation for subject alternative name API can cause heap overflow which can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile
confirm_urlhttps://www.qualcomm.com/company/product-security/bulletins/june-2021-bulletinhttps://www.qualcomm.com/company/product-security/bulletins/june-2021-bulletin
cve_cnaQualcomm, Inc.

Do you know our Splunk app?

Download it now for free!