Description
Buffer over-read while UE process invalid DL ROHC packet for decompression due to lack of check of size of compresses packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
References (2)
Core 2
Core References
Broken Link x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin
Scores
CVSS v3
9.1
EPSS
0.0029
EPSS Percentile
52.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
CWE-20
Status
published
Products (50)
qualcomm/apq8009
qualcomm/apq8009w
qualcomm/apq8017
qualcomm/apq8037
qualcomm/apq8053
qualcomm/apq8084
qualcomm/apq8096au
qualcomm/aqt1000
qualcomm/ar6003
qualcomm/ar8035
... and 40 more
Published
Jan 21, 2021
Tracked Since
Feb 18, 2026