Qualcomm Snapdragon Auto Unified Command Parser buffer overflow

EntryeditHistoryDiffjsonxmlCTI

A vulnerability has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music and Snapdragon Wired Infrastructure and Networking (Chip Software) and classified as critical. Affected by this vulnerability is an unknown code of the component Unified Command Parser. Upgrading eliminates this vulnerability.

Field06/09/2021 04:42 PM06/11/2021 03:33 PM
vendorQualcommQualcomm
nameSnapdragon Auto/Snapdragon Compute/Snapdragon Connectivity/Snapdragon Consumer Electronics Connectivity/Snapdragon Consumer IOT/Snapdragon Industrial IOT/Snapdragon IoT/Snapdragon Mobile/Snapdragon Voice & Music/Snapdragon Wired Infrastructure and NetworkingSnapdragon Auto/Snapdragon Compute/Snapdragon Connectivity/Snapdragon Consumer Electronics Connectivity/Snapdragon Consumer IOT/Snapdragon Industrial IOT/Snapdragon IoT/Snapdragon Mobile/Snapdragon Voice & Music/Snapdragon Wired Infrastructure and Networking
componentUnified Command ParserUnified Command Parser
cwe120 (memory corruption)120 (memory corruption)
risk22
cvss3_vuldb_acLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
urlhttps://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletinhttps://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin
nameUpgradeUpgrade
cveCVE-2020-11235CVE-2020-11235
date1623189600 (06/09/2021)1623189600 (06/09/2021)
typeChip SoftwareChip Software
cvss2_vuldb_acLL
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_avAA
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss3_vuldb_avAA
cvss3_vuldb_prLL
cvss3_vuldb_eXX
cvss2_vuldb_basescore5.25.2
cvss2_vuldb_tempscore5.24.5
cvss3_vuldb_basescore5.55.5
cvss3_vuldb_tempscore5.55.3
cvss3_meta_basescore5.55.5
cvss3_meta_tempscore5.55.3
price_0day$5k-$25k$5k-$25k
cve_assigned1585605600
cve_nvd_summaryBuffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
confirm_urlhttps://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin

Do you know our Splunk app?

Download it now for free!