CVE-2020-11114

Published: Nov 2, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

u'Bluetooth devices does not properly restrict the L2CAP payload length allowing users in radio range to cause a buffer overflow via a crafted Link Layer packet(Equivalent to CVE-2019-17060,CVE-2019-17061 and CVE-2019-17517 in Sweyntooth paper)' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in AR9344

Affected (1)

Products: Qualcomm: Ar9344 Firmware

1 product

Ar9344 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ar9344 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ar9344	All versions

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (3)

https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin

Source: product-security@qualcomm.com

Broken Link

https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

Source: nvd@nist.gov

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.