CVE-2022-33211

nvd nist

Published: Apr 13, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

memory corruption in modem due to improper check while calculating size of serialized CoAP message

Affected (12)

Products: Qualcomm: Mdm8207 Firmware, Mdm9205 Firmware, Mdm9206 Firmware, Mdm9207 Firmware, Qca4004 Firmware, Qts110 Firmware, Snapdragon Wear 1100 Firmware, Snapdragon Wear 1200 Firmware, Snapdragon Wear 1300 Firmware, Snapdragon X5 Lte Modem Firmware, Wcd9306 Firmware, Wcd9330 Firmware

12 products

Snapdragon Wear 1100 Firmware

Snapdragon Wear 1200 Firmware

Snapdragon Wear 1300 Firmware

Snapdragon X5 Lte Modem Firmware

Wcd9306 Firmware

Wcd9330 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm8207 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm8207	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9205 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9205	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9206 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9206	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9207 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9207	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca4004 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca4004	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qts110 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qts110	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon Wear 1100 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon Wear 1100	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon Wear 1200 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon Wear 1200	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon Wear 1300 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon Wear 1300	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon X5 Lte Modem Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon X5 Lte Modem	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9306 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9306	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9330 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9330	All versions

Related CWEs

CWE-131

Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin

Source: product-security@qualcomm.com

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.