CVE-2020-11205

CVE Database · CVE-2020-11205

CVE-2020-11205

· HIGHModified

CVSS v3.1

7.8

EPSS

0.20%

Published

Nov 12, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

u'Possible integer overflow to heap overflow while processing command due to lack of check of packet length received' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile in QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-190CWE-787

Affected Products (28)

qualcomm · qsm8350_firmwarevulnerable

qualcomm · qsm8350

qualcomm · sa6145p_firmwarevulnerable

qualcomm · sa6145p

qualcomm · sa6150p_firmwarevulnerable

qualcomm · sa6150p

qualcomm · sa6155_firmwarevulnerable

qualcomm · sa6155

qualcomm · sa6155p_firmwarevulnerable

qualcomm · sa6155p

qualcomm · sa8150p_firmwarevulnerable

· sa8150p

References (2)

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs