CVE-2020-11134

CRITICAL

Qualcomm Firmware - Stack-Based Buffer Overflow via NAN Management Frame Attribute Validation

Title source: llm

Description

Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup attribute inside a NAN management frame are not Properly validated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin

Scores

CVSS v3 9.8

EPSS 0.0033

EPSS Percentile 56.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-129 CWE-787

Status published

Products (50)

qualcomm/aqt1000_firmware

qualcomm/ar8031_firmware

qualcomm/ar8035_firmware

qualcomm/csr8811_firmware

qualcomm/csra6620_firmware

qualcomm/csra6640_firmware

qualcomm/ipq5010_firmware

qualcomm/ipq5018_firmware

qualcomm/ipq6000_firmware

qualcomm/ipq6005_firmware

... and 40 more

Published Jun 09, 2021

Tracked Since Feb 18, 2026