CVE-2024-33064

nvd nist

Published: Oct 7, 2024Modified: Oct 16, 2024

8.2

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Exploitability: 3.9 / Impact: 4.2

Source: product-security@qualcomm.com (Secondary)

Description

Information disclosure while parsing the multiple MBSSID IEs from the beacon.

Affected (5)

Products: Qualcomm: Qca6574au Firmware, Qca6574a Firmware, Qca6564au Firmware, Qca6564a Firmware, Mdm9628 Firmware

5 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6574au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6574au	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6574a Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6574a	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6564au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6564au	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6564a Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6564a	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9628 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9628	All versions

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-126

Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

References (1)

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

Source: product-security@qualcomm.com

Vendor Advisory

Timeline

No history available yet.