← Back

CVE-2020-3646

nvd nist
Published: Sep 8, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

u'Buffer overflow seen as the destination buffer size is lesser than the source buffer size in video application' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MSM8909W, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDA845, SDM429W, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Affected (16)

Qualcomm
16 products
Bitra Firmware
Msm8909w Firmware
Qcm2150 Firmware
Qcs405 Firmware
Qcs605 Firmware
Saipan Firmware
Sc8180x Firmware
Sda845 Firmware
Sdm429w Firmware
Sdx24 Firmware
Sdx55 Firmware
Sm6150 Firmware
Sm7150 Firmware
Sm8150 Firmware
Sm8250 Firmware
Sxr2130 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Bitra Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Bitra
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Msm8909w Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Msm8909w
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Qcm2150 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Qcm2150
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Qcs405 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Qcs405
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Qcs605 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Qcs605
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Saipan Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Saipan
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sc8180x Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sc8180x
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sda845 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sda845
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm429w Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm429w
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdx24 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdx24
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdx55 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdx55
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sm6150 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sm6150
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sm7150 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sm7150
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sm8150 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sm8150
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sm8250 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sm8250
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sxr2130 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sxr2130
All versions

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (3)

Source: product-security@qualcomm.com
Broken Link
Source: nvd@nist.gov
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link

Timeline

No history available yet.