Qualcomm Snapdragon Auto EAPOL Key Length out-of-bounds read

EntryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music and Snapdragon Wired Infrastructure and Networking (Chip Software). It has been rated as problematic. This issue affects an unknown functionality of the component EAPOL Key Length Handler. Upgrading eliminates this vulnerability.

Field06/09/2021 08:24 PM06/11/2021 03:57 PM
cvss3_vuldb_uiNN
cvss3_vuldb_eXX
cvss2_vuldb_basescore2.32.3
cvss2_vuldb_tempscore2.32.0
cvss3_vuldb_basescore3.53.5
cvss3_vuldb_tempscore3.53.4
cvss3_meta_basescore3.53.5
cvss3_meta_tempscore3.53.4
price_0day$5k-$25k$5k-$25k
vendorQualcommQualcomm
nameSnapdragon Auto/Snapdragon Compute/Snapdragon Connectivity/Snapdragon Consumer Electronics Connectivity/Snapdragon Consumer IOT/Snapdragon Industrial IOT/Snapdragon IoT/Snapdragon Mobile/Snapdragon Voice & Music/Snapdragon Wired Infrastructure and NetworkingSnapdragon Auto/Snapdragon Compute/Snapdragon Connectivity/Snapdragon Consumer Electronics Connectivity/Snapdragon Consumer IOT/Snapdragon Industrial IOT/Snapdragon IoT/Snapdragon Mobile/Snapdragon Voice & Music/Snapdragon Wired Infrastructure and Networking
componentEAPOL Key Length HandlerEAPOL Key Length Handler
cwe125 (information disclosure)125 (information disclosure)
risk11
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iNN
cvss3_vuldb_aNN
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
urlhttps://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletinhttps://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin
nameUpgradeUpgrade
cveCVE-2020-11241CVE-2020-11241
date1623189600 (06/09/2021)1623189600 (06/09/2021)
typeChip SoftwareChip Software
cvss2_vuldb_ciPP
cvss2_vuldb_iiNN
cvss2_vuldb_aiNN
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_avAA
cvss2_vuldb_acMM
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss3_vuldb_avAA
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cve_assigned1585605600
cve_nvd_summaryOut of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
confirm_urlhttps://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin

Might our Artificial Intelligence support you?

Check our Alexa App!