Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Qualcomm
  • Wcd9306
  • Mdm9206 Firmware
  • Mdm9206
  • Mdm9205 Firmware
  • Snapdragon Wear 1100 Firmware
  • Mdm8207 Firmware
  • Qts110
  • Snapdragon Wear 1200 Firmware
  • Mdm8207
  • Wcd9330
  • Mdm9205
  • Snapdragon Wear 1300 Firmware
  • Qts110 Firmware
  • Snapdragon Wear 1200
  • Qca4004 Firmware
  • Snapdragon X5 Lte Modem
  • Wcd9306 Firmware
  • Wcd9330 Firmware
  • Snapdragon Wear 1300
  • Qca4004
  • Mdm9207 Firmware
  • Snapdragon X5 Lte Modem Firmware
  • Mdm9207
  • Snapdragon Wear 1100

Configuration 1 [-]

AND
cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm8207:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:qualcomm:mdm9205_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9205:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:qualcomm:mdm9207_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9207:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca4004:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qts110:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:qualcomm:snapdragon_wear_1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_wear_1100:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:qualcomm:snapdragon_wear_1200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_wear_1200:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:qualcomm:snapdragon_wear_1300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_wear_1300:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_x5_lte_modem:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9306:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9330:-:*:*:*:*:*:*:*
References
Link Resource
https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: qualcomm

Published: 2023-04-04T04:46:44.921Z

Updated: 2024-04-12T16:29:31.570Z

Reserved: 2022-06-14T10:44:39.611Z

Link: CVE-2022-33295

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2023-04-13T07:15:18.300

Modified: 2024-04-12T17:16:25.133

Link: CVE-2022-33295

JSON object: View

cve-icon Redhat Information

No data.

CWE