Common Weakness Enumeration

CWE-131

Allowed

Incorrect Calculation of Buffer Size

Abstraction: Base · Status: Draft

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

270 vulnerabilities reference this CWE, most recent first.

CVE-2025-27074 (GCVE-0-2025-27074)

Vulnerability from cvelistv5 – Published: 2025-11-04 03:19 – Updated: 2026-02-26 17:47
VLAI
Title
Incorrect Calculation of Buffer Size in SCE-Mink
Summary
Memory corruption while processing a GP command response.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-131 - Incorrect Calculation of Buffer Size
Assigner
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: APQ8064AU
Affected: CSR8811
Affected: Immersive Home 214 Platform
Affected: Immersive Home 216 Platform
Affected: Immersive Home 316 Platform
Affected: Immersive Home 318 Platform
Affected: IPQ5010
Affected: IPQ5028
Affected: IPQ8070
Affected: IPQ8070A
Affected: IPQ8071
Affected: IPQ8071A
Affected: IPQ8072
Affected: IPQ8072A
Affected: IPQ8074
Affected: IPQ8074A
Affected: IPQ8076
Affected: IPQ8076A
Affected: IPQ8078
Affected: IPQ8078A
Affected: IPQ8173
Affected: IPQ8174
Affected: IPQ9008
Affected: IPQ9574
Affected: MDM9640
Affected: MDM9650
Affected: MSM8996AU
Affected: PMP8074
Affected: QCA4024
Affected: QCA6174A
Affected: QCA6234
Affected: QCA6310
Affected: QCA6320
Affected: QCA6428
Affected: QCA6438
Affected: QCA6564A
Affected: QCA6564AU
Affected: QCA6574
Affected: QCA6574A
Affected: QCA6574AU
Affected: QCA6584AU
Affected: QCA6694
Affected: QCA8072
Affected: QCA8075
Affected: QCA8081
Affected: QCA9888
Affected: QCA9889
Affected: QCA9984
Affected: QCN5022
Affected: QCN5024
Affected: QCN5052
Affected: QCN5054
Affected: QCN5064
Affected: QCN5122
Affected: QCN5124
Affected: QCN5152
Affected: QCN5154
Affected: QCN5164
Affected: QCN5550
Affected: QCN6023
Affected: QCN6024
Affected: QCN6100
Affected: QCN6102
Affected: QCN6112
Affected: QCN6122
Affected: QCN6132
Affected: QCN9000
Affected: QCN9001
Affected: QCN9002
Affected: QCN9003
Affected: QCN9012
Affected: QCN9022
Affected: QCN9024
Affected: QCN9070
Affected: QCN9072
Affected: QCN9074
Affected: QCN9100
Affected: QCN9274
Affected: SD820
Affected: SD821
Affected: SDM429W
Affected: SDX55
Affected: Snapdragon 429 Mobile Platform
Affected: Snapdragon 820 Automotive Platform
Affected: Snapdragon 820 Mobile Platform
Affected: Snapdragon 821 Mobile Platform
Affected: Snapdragon Wear 4100+ Platform
Affected: WCD9335
Affected: WCN3610
Affected: WCN3620
Affected: WCN3660B
Affected: WCN3680B
Affected: WCN3980
Affected: WSA8810
Affected: WSA8815
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27074",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-04T04:55:18.844570Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:47:31.803Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Auto",
            "Snapdragon Consumer IOT",
            "Snapdragon Industrial IOT",
            "Snapdragon Mobile",
            "Snapdragon Wearables",
            "Snapdragon Wired Infrastructure and Networking"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "APQ8064AU"
            },
            {
              "status": "affected",
              "version": "CSR8811"
            },
            {
              "status": "affected",
              "version": "Immersive Home 214 Platform"
            },
            {
              "status": "affected",
              "version": "Immersive Home 216 Platform"
            },
            {
              "status": "affected",
              "version": "Immersive Home 316 Platform"
            },
            {
              "status": "affected",
              "version": "Immersive Home 318 Platform"
            },
            {
              "status": "affected",
              "version": "IPQ5010"
            },
            {
              "status": "affected",
              "version": "IPQ5028"
            },
            {
              "status": "affected",
              "version": "IPQ8070"
            },
            {
              "status": "affected",
              "version": "IPQ8070A"
            },
            {
              "status": "affected",
              "version": "IPQ8071"
            },
            {
              "status": "affected",
              "version": "IPQ8071A"
            },
            {
              "status": "affected",
              "version": "IPQ8072"
            },
            {
              "status": "affected",
              "version": "IPQ8072A"
            },
            {
              "status": "affected",
              "version": "IPQ8074"
            },
            {
              "status": "affected",
              "version": "IPQ8074A"
            },
            {
              "status": "affected",
              "version": "IPQ8076"
            },
            {
              "status": "affected",
              "version": "IPQ8076A"
            },
            {
              "status": "affected",
              "version": "IPQ8078"
            },
            {
              "status": "affected",
              "version": "IPQ8078A"
            },
            {
              "status": "affected",
              "version": "IPQ8173"
            },
            {
              "status": "affected",
              "version": "IPQ8174"
            },
            {
              "status": "affected",
              "version": "IPQ9008"
            },
            {
              "status": "affected",
              "version": "IPQ9574"
            },
            {
              "status": "affected",
              "version": "MDM9640"
            },
            {
              "status": "affected",
              "version": "MDM9650"
            },
            {
              "status": "affected",
              "version": "MSM8996AU"
            },
            {
              "status": "affected",
              "version": "PMP8074"
            },
            {
              "status": "affected",
              "version": "QCA4024"
            },
            {
              "status": "affected",
              "version": "QCA6174A"
            },
            {
              "status": "affected",
              "version": "QCA6234"
            },
            {
              "status": "affected",
              "version": "QCA6310"
            },
            {
              "status": "affected",
              "version": "QCA6320"
            },
            {
              "status": "affected",
              "version": "QCA6428"
            },
            {
              "status": "affected",
              "version": "QCA6438"
            },
            {
              "status": "affected",
              "version": "QCA6564A"
            },
            {
              "status": "affected",
              "version": "QCA6564AU"
            },
            {
              "status": "affected",
              "version": "QCA6574"
            },
            {
              "status": "affected",
              "version": "QCA6574A"
            },
            {
              "status": "affected",
              "version": "QCA6574AU"
            },
            {
              "status": "affected",
              "version": "QCA6584AU"
            },
            {
              "status": "affected",
              "version": "QCA6694"
            },
            {
              "status": "affected",
              "version": "QCA8072"
            },
            {
              "status": "affected",
              "version": "QCA8075"
            },
            {
              "status": "affected",
              "version": "QCA8081"
            },
            {
              "status": "affected",
              "version": "QCA9888"
            },
            {
              "status": "affected",
              "version": "QCA9889"
            },
            {
              "status": "affected",
              "version": "QCA9984"
            },
            {
              "status": "affected",
              "version": "QCN5022"
            },
            {
              "status": "affected",
              "version": "QCN5024"
            },
            {
              "status": "affected",
              "version": "QCN5052"
            },
            {
              "status": "affected",
              "version": "QCN5054"
            },
            {
              "status": "affected",
              "version": "QCN5064"
            },
            {
              "status": "affected",
              "version": "QCN5122"
            },
            {
              "status": "affected",
              "version": "QCN5124"
            },
            {
              "status": "affected",
              "version": "QCN5152"
            },
            {
              "status": "affected",
              "version": "QCN5154"
            },
            {
              "status": "affected",
              "version": "QCN5164"
            },
            {
              "status": "affected",
              "version": "QCN5550"
            },
            {
              "status": "affected",
              "version": "QCN6023"
            },
            {
              "status": "affected",
              "version": "QCN6024"
            },
            {
              "status": "affected",
              "version": "QCN6100"
            },
            {
              "status": "affected",
              "version": "QCN6102"
            },
            {
              "status": "affected",
              "version": "QCN6112"
            },
            {
              "status": "affected",
              "version": "QCN6122"
            },
            {
              "status": "affected",
              "version": "QCN6132"
            },
            {
              "status": "affected",
              "version": "QCN9000"
            },
            {
              "status": "affected",
              "version": "QCN9001"
            },
            {
              "status": "affected",
              "version": "QCN9002"
            },
            {
              "status": "affected",
              "version": "QCN9003"
            },
            {
              "status": "affected",
              "version": "QCN9012"
            },
            {
              "status": "affected",
              "version": "QCN9022"
            },
            {
              "status": "affected",
              "version": "QCN9024"
            },
            {
              "status": "affected",
              "version": "QCN9070"
            },
            {
              "status": "affected",
              "version": "QCN9072"
            },
            {
              "status": "affected",
              "version": "QCN9074"
            },
            {
              "status": "affected",
              "version": "QCN9100"
            },
            {
              "status": "affected",
              "version": "QCN9274"
            },
            {
              "status": "affected",
              "version": "SD820"
            },
            {
              "status": "affected",
              "version": "SD821"
            },
            {
              "status": "affected",
              "version": "SDM429W"
            },
            {
              "status": "affected",
              "version": "SDX55"
            },
            {
              "status": "affected",
              "version": "Snapdragon 429 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 820 Automotive Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 820 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 821 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 4100+ Platform"
            },
            {
              "status": "affected",
              "version": "WCD9335"
            },
            {
              "status": "affected",
              "version": "WCN3610"
            },
            {
              "status": "affected",
              "version": "WCN3620"
            },
            {
              "status": "affected",
              "version": "WCN3660B"
            },
            {
              "status": "affected",
              "version": "WCN3680B"
            },
            {
              "status": "affected",
              "version": "WCN3980"
            },
            {
              "status": "affected",
              "version": "WSA8810"
            },
            {
              "status": "affected",
              "version": "WSA8815"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption while processing a GP command response."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131 Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-04T03:19:13.447Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html"
        }
      ],
      "title": "Incorrect Calculation of Buffer Size in SCE-Mink"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2025-27074",
    "datePublished": "2025-11-04T03:19:13.447Z",
    "dateReserved": "2025-02-18T09:19:46.888Z",
    "dateUpdated": "2026-02-26T17:47:31.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-27053 (GCVE-0-2025-27053)

Vulnerability from cvelistv5 – Published: 2025-10-09 03:18 – Updated: 2026-02-26 17:48
VLAI
Title
Incorrect Calculation of Buffer Size in HLOS
Summary
Memory corruption during PlayReady APP usecase while processing TA commands.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-131 - Incorrect Calculation of Buffer Size
Assigner
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 315 5G IoT Modem
Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: APQ8017
Affected: APQ8037
Affected: APQ8064AU
Affected: AQT1000
Affected: AR8031
Affected: AR8035
Affected: C-V2X 9150
Affected: CSRA6620
Affected: CSRA6640
Affected: CSRB31024
Affected: FastConnect 6200
Affected: FastConnect 6700
Affected: FastConnect 6800
Affected: FastConnect 6900
Affected: FastConnect 7800
Affected: Flight RB5 5G Platform
Affected: Home Hub 100 Platform
Affected: MDM8207
Affected: MDM9205S
Affected: MDM9250
Affected: MDM9628
Affected: MDM9640
Affected: MDM9650
Affected: MSM8996AU
Affected: PM8937
Affected: QAM8255P
Affected: QAM8295P
Affected: QAM8620P
Affected: QAM8650P
Affected: QAM8775P
Affected: QAMSRV1H
Affected: QAMSRV1M
Affected: QCA4004
Affected: QCA6174A
Affected: QCA6234
Affected: QCA6310
Affected: QCA6320
Affected: QCA6335
Affected: QCA6391
Affected: QCA6420
Affected: QCA6421
Affected: QCA6426
Affected: QCA6430
Affected: QCA6431
Affected: QCA6436
Affected: QCA6564
Affected: QCA6564A
Affected: QCA6564AU
Affected: QCA6574
Affected: QCA6574A
Affected: QCA6574AU
Affected: QCA6584AU
Affected: QCA6595
Affected: QCA6595AU
Affected: QCA6678AQ
Affected: QCA6688AQ
Affected: QCA6696
Affected: QCA6698AQ
Affected: QCA6698AU
Affected: QCA6797AQ
Affected: QCA8081
Affected: QCA8337
Affected: QCA8386
Affected: QCA8695AU
Affected: QCA9367
Affected: QCA9377
Affected: QCA9379
Affected: QCC2072
Affected: QCC710
Affected: QCC711
Affected: QCF8001
Affected: QCM2150
Affected: QCM2290
Affected: QCM4290
Affected: QCM4325
Affected: QCM4490
Affected: QCM5430
Affected: QCM6125
Affected: QCM6490
Affected: QCM6690
Affected: QCM8550
Affected: QCN6024
Affected: QCN6224
Affected: QCN6274
Affected: QCN7606
Affected: QCN9011
Affected: QCN9012
Affected: QCN9024
Affected: QCN9074
Affected: QCN9274
Affected: QCS2290
Affected: QCS410
Affected: QCS4290
Affected: QCS4490
Affected: QCS5430
Affected: QCS610
Affected: QCS6125
Affected: QCS615
Affected: QCS6490
Affected: QCS6690
Affected: QCS7230
Affected: QCS8155
Affected: QCS8250
Affected: QCS8300
Affected: QCS8550
Affected: QCS9100
Affected: QDU1000
Affected: QDU1010
Affected: QDU1110
Affected: QDU1210
Affected: QDX1010
Affected: QDX1011
Affected: QEP8111
Affected: QFW7114
Affected: QFW7124
Affected: QMP1000
Affected: QRB5165M
Affected: QRB5165N
Affected: QRU1032
Affected: QRU1052
Affected: QRU1062
Affected: QSM8250
Affected: QSM8350
Affected: QTS110
Affected: Qualcomm 215 Mobile Platform
Affected: Qualcomm Video Collaboration VC1 Platform
Affected: Qualcomm Video Collaboration VC3 Platform
Affected: Qualcomm Video Collaboration VC5 Platform
Affected: Robotics RB2 Platform
Affected: Robotics RB3 Platform
Affected: Robotics RB5 Platform
Affected: SA2150P
Affected: SA4150P
Affected: SA4155P
Affected: SA6145P
Affected: SA6150P
Affected: SA6155
Affected: SA6155P
Affected: SA7255P
Affected: SA7775P
Affected: SA8145P
Affected: SA8150P
Affected: SA8155
Affected: SA8155P
Affected: SA8195P
Affected: SA8255P
Affected: SA8295P
Affected: SA8530P
Affected: SA8540P
Affected: SA8620P
Affected: SA8650P
Affected: SA8770P
Affected: SA8775P
Affected: SA9000P
Affected: SC8180X+SDX55
Affected: SC8380XP
Affected: SD 675
Affected: SD 8 Gen1 5G
Affected: SD626
Affected: SD670
Affected: SD675
Affected: SD730
Affected: SD820
Affected: SD821
Affected: SD855
Affected: SD865 5G
Affected: SD888
Affected: SDM429W
Affected: SDX55
Affected: SDX61
Affected: SDX82
Affected: SDX85
Affected: SG4150P
Affected: SG6150
Affected: SG6150P
Affected: SG8275P
Affected: SM4125
Affected: SM4635
Affected: SM6225P
Affected: SM6250
Affected: SM6250P
Affected: SM6370
Affected: SM6650
Affected: SM6650P
Affected: SM7250P
Affected: SM7315
Affected: SM7325P
Affected: SM7635
Affected: SM7635P
Affected: SM7675
Affected: SM7675P
Affected: SM8550P
Affected: SM8635
Affected: SM8635P
Affected: SM8650Q
Affected: SM8735
Affected: SM8750
Affected: SM8750P
Affected: SM8850
Affected: SM8850P
Affected: Smart Audio 400 Platform
Affected: Smart Display 200 Platform (APQ5053-AA)
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon 4 Gen 1 Mobile Platform
Affected: Snapdragon 4 Gen 2 Mobile Platform
Affected: Snapdragon 425 Mobile Platform
Affected: Snapdragon 427 Mobile Platform
Affected: Snapdragon 429 Mobile Platform
Affected: Snapdragon 430 Mobile Platform
Affected: Snapdragon 435 Mobile Platform
Affected: Snapdragon 439 Mobile Platform
Affected: Snapdragon 450 Mobile Platform
Affected: Snapdragon 460 Mobile Platform
Affected: Snapdragon 480 5G Mobile Platform
Affected: Snapdragon 480+ 5G Mobile Platform (SM4350-AC)
Affected: Snapdragon 625 Mobile Platform
Affected: Snapdragon 626 Mobile Platform
Affected: Snapdragon 632 Mobile Platform
Affected: Snapdragon 662 Mobile Platform
Affected: Snapdragon 665 Mobile Platform
Affected: Snapdragon 670 Mobile Platform
Affected: Snapdragon 675 Mobile Platform
Affected: Snapdragon 678 Mobile Platform (SM6150-AC)
Affected: Snapdragon 680 4G Mobile Platform
Affected: Snapdragon 685 4G Mobile Platform (SM6225-AD)
Affected: Snapdragon 690 5G Mobile Platform
Affected: Snapdragon 695 5G Mobile Platform
Affected: Snapdragon 710 Mobile Platform
Affected: Snapdragon 712 Mobile Platform
Affected: Snapdragon 720G Mobile Platform
Affected: Snapdragon 730 Mobile Platform (SM7150-AA)
Affected: Snapdragon 730G Mobile Platform (SM7150-AB)
Affected: Snapdragon 732G Mobile Platform (SM7150-AC)
Affected: Snapdragon 750G 5G Mobile Platform
Affected: Snapdragon 765 5G Mobile Platform (SM7250-AA)
Affected: Snapdragon 765G 5G Mobile Platform (SM7250-AB)
Affected: Snapdragon 768G 5G Mobile Platform (SM7250-AC)
Affected: Snapdragon 778G 5G Mobile Platform
Affected: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)
Affected: Snapdragon 780G 5G Mobile Platform
Affected: Snapdragon 782G Mobile Platform (SM7325-AF)
Affected: Snapdragon 7c Compute Platform (SC7180-AC)
Affected: Snapdragon 7c Gen 2 Compute Platform (SC7180-AD) "Rennell Pro"
Affected: Snapdragon 7c+ Gen 3 Compute
Affected: Snapdragon 8 Gen 1 Mobile Platform
Affected: Snapdragon 8 Gen 2 Mobile Platform
Affected: Snapdragon 8 Gen 3 Mobile Platform
Affected: Snapdragon 8+ Gen 1 Mobile Platform
Affected: Snapdragon 8+ Gen 2 Mobile Platform
Affected: Snapdragon 820 Automotive Platform
Affected: Snapdragon 820 Mobile Platform
Affected: Snapdragon 821 Mobile Platform
Affected: Snapdragon 845 Mobile Platform
Affected: Snapdragon 855 Mobile Platform
Affected: Snapdragon 855+/860 Mobile Platform (SM8150-AC)
Affected: Snapdragon 865 5G Mobile Platform
Affected: Snapdragon 865+ 5G Mobile Platform (SM8250-AB)
Affected: Snapdragon 870 5G Mobile Platform (SM8250-AC)
Affected: Snapdragon 888 5G Mobile Platform
Affected: Snapdragon 888+ 5G Mobile Platform (SM8350-AC)
Affected: Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite"
Affected: Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite"
Affected: Snapdragon 8cx Compute Platform (SC8180X-AA, AB)
Affected: Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) "Poipu Pro"
Affected: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro"
Affected: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB)
Affected: Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)
Affected: Snapdragon AR1 Gen 1 Platform
Affected: Snapdragon AR1 Gen 1 Platform "Luna1"
Affected: Snapdragon AR2 Gen 1 Platform
Affected: Snapdragon Auto 5G Modem-RF
Affected: Snapdragon Auto 5G Modem-RF Gen 2
Affected: Snapdragon W5+ Gen 1 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon Wear 4100+ Platform
Affected: Snapdragon X12 LTE Modem
Affected: Snapdragon X24 LTE Modem
Affected: Snapdragon X32 5G Modem-RF System
Affected: Snapdragon X35 5G Modem-RF System
Affected: Snapdragon X5 LTE Modem
Affected: Snapdragon X50 5G Modem-RF System
Affected: Snapdragon X55 5G Modem-RF System
Affected: Snapdragon X62 5G Modem-RF System
Affected: Snapdragon X65 5G Modem-RF System
Affected: Snapdragon X72 5G Modem-RF System
Affected: Snapdragon X75 5G Modem-RF System
Affected: Snapdragon XR1 Platform
Affected: Snapdragon XR2 5G Platform
Affected: Snapdragon XR2+ Gen 1 Platform
Affected: Snapdragon Auto 4G Modem
Affected: SRV1H
Affected: SRV1L
Affected: SRV1M
Affected: SSG2115P
Affected: SSG2125P
Affected: SW5100
Affected: SW5100P
Affected: SXR1120
Affected: SXR1230P
Affected: SXR2130
Affected: SXR2230P
Affected: SXR2250P
Affected: SXR2330P
Affected: SXR2350P
Affected: TalynPlus
Affected: Vision Intelligence 100 Platform (APQ8053-AA)
Affected: Vision Intelligence 200 Platform (APQ8053-AC)
Affected: Vision Intelligence 300 Platform
Affected: Vision Intelligence 400 Platform
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27053",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-10T03:55:17.786579Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:48:08.266Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Auto",
            "Snapdragon CCW",
            "Snapdragon Compute",
            "Snapdragon Connectivity",
            "Snapdragon Consumer IOT",
            "Snapdragon Industrial IOT",
            "Snapdragon IoT",
            "Snapdragon Mobile",
            "Snapdragon Technology",
            "Snapdragon Voice \u0026 Music",
            "Snapdragon WBC",
            "Snapdragon Wearables"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "315 5G IoT Modem"
            },
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "APQ8017"
            },
            {
              "status": "affected",
              "version": "APQ8037"
            },
            {
              "status": "affected",
              "version": "APQ8064AU"
            },
            {
              "status": "affected",
              "version": "AQT1000"
            },
            {
              "status": "affected",
              "version": "AR8031"
            },
            {
              "status": "affected",
              "version": "AR8035"
            },
            {
              "status": "affected",
              "version": "C-V2X 9150"
            },
            {
              "status": "affected",
              "version": "CSRA6620"
            },
            {
              "status": "affected",
              "version": "CSRA6640"
            },
            {
              "status": "affected",
              "version": "CSRB31024"
            },
            {
              "status": "affected",
              "version": "FastConnect 6200"
            },
            {
              "status": "affected",
              "version": "FastConnect 6700"
            },
            {
              "status": "affected",
              "version": "FastConnect 6800"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "Flight RB5 5G Platform"
            },
            {
              "status": "affected",
              "version": "Home Hub 100 Platform"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "MDM9205S"
            },
            {
              "status": "affected",
              "version": "MDM9250"
            },
            {
              "status": "affected",
              "version": "MDM9628"
            },
            {
              "status": "affected",
              "version": "MDM9640"
            },
            {
              "status": "affected",
              "version": "MDM9650"
            },
            {
              "status": "affected",
              "version": "MSM8996AU"
            },
            {
              "status": "affected",
              "version": "PM8937"
            },
            {
              "status": "affected",
              "version": "QAM8255P"
            },
            {
              "status": "affected",
              "version": "QAM8295P"
            },
            {
              "status": "affected",
              "version": "QAM8620P"
            },
            {
              "status": "affected",
              "version": "QAM8650P"
            },
            {
              "status": "affected",
              "version": "QAM8775P"
            },
            {
              "status": "affected",
              "version": "QAMSRV1H"
            },
            {
              "status": "affected",
              "version": "QAMSRV1M"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QCA6174A"
            },
            {
              "status": "affected",
              "version": "QCA6234"
            },
            {
              "status": "affected",
              "version": "QCA6310"
            },
            {
              "status": "affected",
              "version": "QCA6320"
            },
            {
              "status": "affected",
              "version": "QCA6335"
            },
            {
              "status": "affected",
              "version": "QCA6391"
            },
            {
              "status": "affected",
              "version": "QCA6420"
            },
            {
              "status": "affected",
              "version": "QCA6421"
            },
            {
              "status": "affected",
              "version": "QCA6426"
            },
            {
              "status": "affected",
              "version": "QCA6430"
            },
            {
              "status": "affected",
              "version": "QCA6431"
            },
            {
              "status": "affected",
              "version": "QCA6436"
            },
            {
              "status": "affected",
              "version": "QCA6564"
            },
            {
              "status": "affected",
              "version": "QCA6564A"
            },
            {
              "status": "affected",
              "version": "QCA6564AU"
            },
            {
              "status": "affected",
              "version": "QCA6574"
            },
            {
              "status": "affected",
              "version": "QCA6574A"
            },
            {
              "status": "affected",
              "version": "QCA6574AU"
            },
            {
              "status": "affected",
              "version": "QCA6584AU"
            },
            {
              "status": "affected",
              "version": "QCA6595"
            },
            {
              "status": "affected",
              "version": "QCA6595AU"
            },
            {
              "status": "affected",
              "version": "QCA6678AQ"
            },
            {
              "status": "affected",
              "version": "QCA6688AQ"
            },
            {
              "status": "affected",
              "version": "QCA6696"
            },
            {
              "status": "affected",
              "version": "QCA6698AQ"
            },
            {
              "status": "affected",
              "version": "QCA6698AU"
            },
            {
              "status": "affected",
              "version": "QCA6797AQ"
            },
            {
              "status": "affected",
              "version": "QCA8081"
            },
            {
              "status": "affected",
              "version": "QCA8337"
            },
            {
              "status": "affected",
              "version": "QCA8386"
            },
            {
              "status": "affected",
              "version": "QCA8695AU"
            },
            {
              "status": "affected",
              "version": "QCA9367"
            },
            {
              "status": "affected",
              "version": "QCA9377"
            },
            {
              "status": "affected",
              "version": "QCA9379"
            },
            {
              "status": "affected",
              "version": "QCC2072"
            },
            {
              "status": "affected",
              "version": "QCC710"
            },
            {
              "status": "affected",
              "version": "QCC711"
            },
            {
              "status": "affected",
              "version": "QCF8001"
            },
            {
              "status": "affected",
              "version": "QCM2150"
            },
            {
              "status": "affected",
              "version": "QCM2290"
            },
            {
              "status": "affected",
              "version": "QCM4290"
            },
            {
              "status": "affected",
              "version": "QCM4325"
            },
            {
              "status": "affected",
              "version": "QCM4490"
            },
            {
              "status": "affected",
              "version": "QCM5430"
            },
            {
              "status": "affected",
              "version": "QCM6125"
            },
            {
              "status": "affected",
              "version": "QCM6490"
            },
            {
              "status": "affected",
              "version": "QCM6690"
            },
            {
              "status": "affected",
              "version": "QCM8550"
            },
            {
              "status": "affected",
              "version": "QCN6024"
            },
            {
              "status": "affected",
              "version": "QCN6224"
            },
            {
              "status": "affected",
              "version": "QCN6274"
            },
            {
              "status": "affected",
              "version": "QCN7606"
            },
            {
              "status": "affected",
              "version": "QCN9011"
            },
            {
              "status": "affected",
              "version": "QCN9012"
            },
            {
              "status": "affected",
              "version": "QCN9024"
            },
            {
              "status": "affected",
              "version": "QCN9074"
            },
            {
              "status": "affected",
              "version": "QCN9274"
            },
            {
              "status": "affected",
              "version": "QCS2290"
            },
            {
              "status": "affected",
              "version": "QCS410"
            },
            {
              "status": "affected",
              "version": "QCS4290"
            },
            {
              "status": "affected",
              "version": "QCS4490"
            },
            {
              "status": "affected",
              "version": "QCS5430"
            },
            {
              "status": "affected",
              "version": "QCS610"
            },
            {
              "status": "affected",
              "version": "QCS6125"
            },
            {
              "status": "affected",
              "version": "QCS615"
            },
            {
              "status": "affected",
              "version": "QCS6490"
            },
            {
              "status": "affected",
              "version": "QCS6690"
            },
            {
              "status": "affected",
              "version": "QCS7230"
            },
            {
              "status": "affected",
              "version": "QCS8155"
            },
            {
              "status": "affected",
              "version": "QCS8250"
            },
            {
              "status": "affected",
              "version": "QCS8300"
            },
            {
              "status": "affected",
              "version": "QCS8550"
            },
            {
              "status": "affected",
              "version": "QCS9100"
            },
            {
              "status": "affected",
              "version": "QDU1000"
            },
            {
              "status": "affected",
              "version": "QDU1010"
            },
            {
              "status": "affected",
              "version": "QDU1110"
            },
            {
              "status": "affected",
              "version": "QDU1210"
            },
            {
              "status": "affected",
              "version": "QDX1010"
            },
            {
              "status": "affected",
              "version": "QDX1011"
            },
            {
              "status": "affected",
              "version": "QEP8111"
            },
            {
              "status": "affected",
              "version": "QFW7114"
            },
            {
              "status": "affected",
              "version": "QFW7124"
            },
            {
              "status": "affected",
              "version": "QMP1000"
            },
            {
              "status": "affected",
              "version": "QRB5165M"
            },
            {
              "status": "affected",
              "version": "QRB5165N"
            },
            {
              "status": "affected",
              "version": "QRU1032"
            },
            {
              "status": "affected",
              "version": "QRU1052"
            },
            {
              "status": "affected",
              "version": "QRU1062"
            },
            {
              "status": "affected",
              "version": "QSM8250"
            },
            {
              "status": "affected",
              "version": "QSM8350"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Qualcomm 215 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC1 Platform"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC3 Platform"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC5 Platform"
            },
            {
              "status": "affected",
              "version": "Robotics RB2 Platform"
            },
            {
              "status": "affected",
              "version": "Robotics RB3 Platform"
            },
            {
              "status": "affected",
              "version": "Robotics RB5 Platform"
            },
            {
              "status": "affected",
              "version": "SA2150P"
            },
            {
              "status": "affected",
              "version": "SA4150P"
            },
            {
              "status": "affected",
              "version": "SA4155P"
            },
            {
              "status": "affected",
              "version": "SA6145P"
            },
            {
              "status": "affected",
              "version": "SA6150P"
            },
            {
              "status": "affected",
              "version": "SA6155"
            },
            {
              "status": "affected",
              "version": "SA6155P"
            },
            {
              "status": "affected",
              "version": "SA7255P"
            },
            {
              "status": "affected",
              "version": "SA7775P"
            },
            {
              "status": "affected",
              "version": "SA8145P"
            },
            {
              "status": "affected",
              "version": "SA8150P"
            },
            {
              "status": "affected",
              "version": "SA8155"
            },
            {
              "status": "affected",
              "version": "SA8155P"
            },
            {
              "status": "affected",
              "version": "SA8195P"
            },
            {
              "status": "affected",
              "version": "SA8255P"
            },
            {
              "status": "affected",
              "version": "SA8295P"
            },
            {
              "status": "affected",
              "version": "SA8530P"
            },
            {
              "status": "affected",
              "version": "SA8540P"
            },
            {
              "status": "affected",
              "version": "SA8620P"
            },
            {
              "status": "affected",
              "version": "SA8650P"
            },
            {
              "status": "affected",
              "version": "SA8770P"
            },
            {
              "status": "affected",
              "version": "SA8775P"
            },
            {
              "status": "affected",
              "version": "SA9000P"
            },
            {
              "status": "affected",
              "version": "SC8180X+SDX55"
            },
            {
              "status": "affected",
              "version": "SC8380XP"
            },
            {
              "status": "affected",
              "version": "SD 675"
            },
            {
              "status": "affected",
              "version": "SD 8 Gen1 5G"
            },
            {
              "status": "affected",
              "version": "SD626"
            },
            {
              "status": "affected",
              "version": "SD670"
            },
            {
              "status": "affected",
              "version": "SD675"
            },
            {
              "status": "affected",
              "version": "SD730"
            },
            {
              "status": "affected",
              "version": "SD820"
            },
            {
              "status": "affected",
              "version": "SD821"
            },
            {
              "status": "affected",
              "version": "SD855"
            },
            {
              "status": "affected",
              "version": "SD865 5G"
            },
            {
              "status": "affected",
              "version": "SD888"
            },
            {
              "status": "affected",
              "version": "SDM429W"
            },
            {
              "status": "affected",
              "version": "SDX55"
            },
            {
              "status": "affected",
              "version": "SDX61"
            },
            {
              "status": "affected",
              "version": "SDX82"
            },
            {
              "status": "affected",
              "version": "SDX85"
            },
            {
              "status": "affected",
              "version": "SG4150P"
            },
            {
              "status": "affected",
              "version": "SG6150"
            },
            {
              "status": "affected",
              "version": "SG6150P"
            },
            {
              "status": "affected",
              "version": "SG8275P"
            },
            {
              "status": "affected",
              "version": "SM4125"
            },
            {
              "status": "affected",
              "version": "SM4635"
            },
            {
              "status": "affected",
              "version": "SM6225P"
            },
            {
              "status": "affected",
              "version": "SM6250"
            },
            {
              "status": "affected",
              "version": "SM6250P"
            },
            {
              "status": "affected",
              "version": "SM6370"
            },
            {
              "status": "affected",
              "version": "SM6650"
            },
            {
              "status": "affected",
              "version": "SM6650P"
            },
            {
              "status": "affected",
              "version": "SM7250P"
            },
            {
              "status": "affected",
              "version": "SM7315"
            },
            {
              "status": "affected",
              "version": "SM7325P"
            },
            {
              "status": "affected",
              "version": "SM7635"
            },
            {
              "status": "affected",
              "version": "SM7635P"
            },
            {
              "status": "affected",
              "version": "SM7675"
            },
            {
              "status": "affected",
              "version": "SM7675P"
            },
            {
              "status": "affected",
              "version": "SM8550P"
            },
            {
              "status": "affected",
              "version": "SM8635"
            },
            {
              "status": "affected",
              "version": "SM8635P"
            },
            {
              "status": "affected",
              "version": "SM8650Q"
            },
            {
              "status": "affected",
              "version": "SM8735"
            },
            {
              "status": "affected",
              "version": "SM8750"
            },
            {
              "status": "affected",
              "version": "SM8750P"
            },
            {
              "status": "affected",
              "version": "SM8850"
            },
            {
              "status": "affected",
              "version": "SM8850P"
            },
            {
              "status": "affected",
              "version": "Smart Audio 400 Platform"
            },
            {
              "status": "affected",
              "version": "Smart Display 200 Platform (APQ5053-AA)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 4 Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 4 Gen 2 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 425 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 427 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 429 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 430 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 435 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 439 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 450 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 460 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 480 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 625 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 626 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 632 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 662 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 665 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 670 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 675 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 678 Mobile Platform (SM6150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 680 4G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 685 4G Mobile Platform (SM6225-AD)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 690 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 695 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 710 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 712 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 720G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 730 Mobile Platform (SM7150-AA)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 730G Mobile Platform (SM7150-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 732G Mobile Platform (SM7150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 750G 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 778G 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 780G 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 782G Mobile Platform (SM7325-AF)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 7c Compute Platform (SC7180-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 7c Gen 2 Compute Platform (SC7180-AD) \"Rennell Pro\""
            },
            {
              "status": "affected",
              "version": "Snapdragon 7c+ Gen 3 Compute"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 2 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 3 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8+ Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8+ Gen 2 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 820 Automotive Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 820 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 821 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 845 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 855 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 855+/860 Mobile Platform (SM8150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 865 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 888 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8c Compute Platform (SC8180X-AD) \"Poipu Lite\""
            },
            {
              "status": "affected",
              "version": "Snapdragon 8c Compute Platform (SC8180XP-AD) \"Poipu Lite\""
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Compute Platform (SC8180X-AA, AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) \"Poipu Pro\""
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) \"Poipu Pro\""
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR1 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
            },
            {
              "status": "affected",
              "version": "Snapdragon AR2 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 5G Modem-RF"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 5G Modem-RF Gen 2"
            },
            {
              "status": "affected",
              "version": "Snapdragon W5+ Gen 1 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 4100+ Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X12 LTE Modem"
            },
            {
              "status": "affected",
              "version": "Snapdragon X24 LTE Modem"
            },
            {
              "status": "affected",
              "version": "Snapdragon X32 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X35 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "Snapdragon X50 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X55 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X62 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X65 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X72 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X75 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon XR1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon XR2 5G Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon XR2+ Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 4G Modem"
            },
            {
              "status": "affected",
              "version": "SRV1H"
            },
            {
              "status": "affected",
              "version": "SRV1L"
            },
            {
              "status": "affected",
              "version": "SRV1M"
            },
            {
              "status": "affected",
              "version": "SSG2115P"
            },
            {
              "status": "affected",
              "version": "SSG2125P"
            },
            {
              "status": "affected",
              "version": "SW5100"
            },
            {
              "status": "affected",
              "version": "SW5100P"
            },
            {
              "status": "affected",
              "version": "SXR1120"
            },
            {
              "status": "affected",
              "version": "SXR1230P"
            },
            {
              "status": "affected",
              "version": "SXR2130"
            },
            {
              "status": "affected",
              "version": "SXR2230P"
            },
            {
              "status": "affected",
              "version": "SXR2250P"
            },
            {
              "status": "affected",
              "version": "SXR2330P"
            },
            {
              "status": "affected",
              "version": "SXR2350P"
            },
            {
              "status": "affected",
              "version": "TalynPlus"
            },
            {
              "status": "affected",
              "version": "Vision Intelligence 100 Platform (APQ8053-AA)"
            },
            {
              "status": "affected",
              "version": "Vision Intelligence 200 Platform (APQ8053-AC)"
            },
            {
              "status": "affected",
              "version": "Vision Intelligence 300 Platform"
            },
            {
              "status": "affected",
              "version": "Vision Intelligence 400 Platform"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption during PlayReady APP usecase while processing TA commands."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131 Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-09T03:18:00.779Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html"
        }
      ],
      "title": "Incorrect Calculation of Buffer Size in HLOS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2025-27053",
    "datePublished": "2025-10-09T03:18:00.779Z",
    "dateReserved": "2025-02-18T09:19:46.885Z",
    "dateUpdated": "2026-02-26T17:48:08.266Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-27042 (GCVE-0-2025-27042)

Vulnerability from cvelistv5 – Published: 2025-07-08 12:49 – Updated: 2025-07-08 14:16
VLAI
Title
Incorrect Calculation of Buffer Size in Video
Summary
Memory corruption while processing video packets received from video firmware.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-131 - Incorrect Calculation of Buffer Size
Assigner
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 315 5G IoT Modem
Affected: AQT1000
Affected: AR8031
Affected: AR8035
Affected: C-V2X 9150
Affected: CSR8811
Affected: CSRA6620
Affected: CSRA6640
Affected: FastConnect 6200
Affected: FastConnect 6700
Affected: FastConnect 6800
Affected: FastConnect 6900
Affected: FastConnect 7800
Affected: Flight RB5 5G Platform
Affected: FSM10055
Affected: FSM10056
Affected: FSM20055
Affected: FSM20056
Affected: Immersive Home 214 Platform
Affected: Immersive Home 216 Platform
Affected: Immersive Home 316 Platform
Affected: Immersive Home 318 Platform
Affected: Immersive Home 3210 Platform
Affected: Immersive Home 326 Platform
Affected: IPQ5010
Affected: IPQ5302
Affected: IPQ5312
Affected: IPQ5332
Affected: IPQ5424
Affected: IPQ6018
Affected: IPQ8070A
Affected: IPQ8071A
Affected: IPQ8072A
Affected: IPQ8074A
Affected: IPQ8076
Affected: IPQ8076A
Affected: IPQ8078
Affected: IPQ8078A
Affected: IPQ8173
Affected: IPQ8174
Affected: IPQ9008
Affected: IPQ9048
Affected: IPQ9554
Affected: IPQ9570
Affected: IPQ9574
Affected: MDM9628
Affected: QAM8255P
Affected: QAM8295P
Affected: QAM8620P
Affected: QAM8650P
Affected: QAM8775P
Affected: QAMSRV1H
Affected: QAMSRV1M
Affected: QCA0000
Affected: QCA4024
Affected: QCA6174A
Affected: QCA6391
Affected: QCA6420
Affected: QCA6426
Affected: QCA6430
Affected: QCA6436
Affected: QCA6564
Affected: QCA6564A
Affected: QCA6564AU
Affected: QCA6574
Affected: QCA6574A
Affected: QCA6574AU
Affected: QCA6584AU
Affected: QCA6595
Affected: QCA6595AU
Affected: QCA6678AQ
Affected: QCA6688AQ
Affected: QCA6696
Affected: QCA6698AQ
Affected: QCA6698AU
Affected: QCA6797AQ
Affected: QCA8072
Affected: QCA8075
Affected: QCA8080
Affected: QCA8081
Affected: QCA8082
Affected: QCA8084
Affected: QCA8085
Affected: QCA8101
Affected: QCA8337
Affected: QCA8384
Affected: QCA8385
Affected: QCA8386
Affected: QCA9367
Affected: QCA9377
Affected: QCA9888
Affected: QCA9889
Affected: QCC710
Affected: QCF8000
Affected: QCF8000SFP
Affected: QCF8001
Affected: QCM2150
Affected: QCM2290
Affected: QCM4290
Affected: QCM4325
Affected: QCM4490
Affected: QCM5430
Affected: QCM6125
Affected: QCM6490
Affected: QCM8550
Affected: QCN5022
Affected: QCN5024
Affected: QCN5052
Affected: QCN5054
Affected: QCN5122
Affected: QCN5124
Affected: QCN5152
Affected: QCN5154
Affected: QCN5164
Affected: QCN5224
Affected: QCN6023
Affected: QCN6024
Affected: QCN6100
Affected: QCN6102
Affected: QCN6112
Affected: QCN6122
Affected: QCN6132
Affected: QCN6224
Affected: QCN6274
Affected: QCN6402
Affected: QCN6412
Affected: QCN6422
Affected: QCN6432
Affected: QCN9000
Affected: QCN9001
Affected: QCN9002
Affected: QCN9003
Affected: QCN9011
Affected: QCN9012
Affected: QCN9024
Affected: QCN9070
Affected: QCN9072
Affected: QCN9074
Affected: QCN9274
Affected: QCS2290
Affected: QCS410
Affected: QCS4290
Affected: QCS4490
Affected: QCS5430
Affected: QCS610
Affected: QCS6125
Affected: QCS615
Affected: QCS6490
Affected: QCS7230
Affected: QCS8155
Affected: QCS8250
Affected: QCS8300
Affected: QCS8550
Affected: QCS9100
Affected: QDU1000
Affected: QDU1010
Affected: QDU1110
Affected: QDU1210
Affected: QDX1010
Affected: QDX1011
Affected: QEP8111
Affected: QFW7114
Affected: QFW7124
Affected: QMP1000
Affected: QRB5165M
Affected: QRB5165N
Affected: QRU1032
Affected: QRU1052
Affected: QRU1062
Affected: QSM8250
Affected: QSM8350
Affected: Qualcomm 215 Mobile Platform
Affected: Qualcomm Video Collaboration VC1 Platform
Affected: Qualcomm Video Collaboration VC3 Platform
Affected: Qualcomm Video Collaboration VC5 Platform
Affected: Robotics RB2 Platform
Affected: Robotics RB5 Platform
Affected: SA2150P
Affected: SA4150P
Affected: SA4155P
Affected: SA6145P
Affected: SA6150P
Affected: SA6155
Affected: SA6155P
Affected: SA7255P
Affected: SA7775P
Affected: SA8145P
Affected: SA8150P
Affected: SA8155
Affected: SA8155P
Affected: SA8195P
Affected: SA8255P
Affected: SA8295P
Affected: SA8530P
Affected: SA8540P
Affected: SA8620P
Affected: SA8650P
Affected: SA8770P
Affected: SA8775P
Affected: SA9000P
Affected: SD 675
Affected: SD 8 Gen1 5G
Affected: SD660
Affected: SD675
Affected: SD730
Affected: SD855
Affected: SD865 5G
Affected: SD888
Affected: SDX55
Affected: SDX61
Affected: SDX65M
Affected: SG4150P
Affected: SG8275P
Affected: SM4125
Affected: SM4635
Affected: SM6250
Affected: SM6370
Affected: SM6650
Affected: SM6650P
Affected: SM7250P
Affected: SM7315
Affected: SM7325P
Affected: SM7635
Affected: SM7635P
Affected: SM7675
Affected: SM7675P
Affected: SM8550P
Affected: SM8635
Affected: SM8635P
Affected: SM8650Q
Affected: SM8735
Affected: SM8750
Affected: SM8750P
Affected: Smart Audio 400 Platform
Affected: Snapdragon 4 Gen 1 Mobile Platform
Affected: Snapdragon 4 Gen 2 Mobile Platform
Affected: Snapdragon 439 Mobile Platform
Affected: Snapdragon 460 Mobile Platform
Affected: Snapdragon 480 5G Mobile Platform
Affected: Snapdragon 480+ 5G Mobile Platform (SM4350-AC)
Affected: Snapdragon 660 Mobile Platform
Affected: Snapdragon 662 Mobile Platform
Affected: Snapdragon 675 Mobile Platform
Affected: Snapdragon 678 Mobile Platform (SM6150-AC)
Affected: Snapdragon 680 4G Mobile Platform
Affected: Snapdragon 685 4G Mobile Platform (SM6225-AD)
Affected: Snapdragon 690 5G Mobile Platform
Affected: Snapdragon 695 5G Mobile Platform
Affected: Snapdragon 720G Mobile Platform
Affected: Snapdragon 730 Mobile Platform (SM7150-AA)
Affected: Snapdragon 730G Mobile Platform (SM7150-AB)
Affected: Snapdragon 732G Mobile Platform (SM7150-AC)
Affected: Snapdragon 750G 5G Mobile Platform
Affected: Snapdragon 765 5G Mobile Platform (SM7250-AA)
Affected: Snapdragon 765G 5G Mobile Platform (SM7250-AB)
Affected: Snapdragon 768G 5G Mobile Platform (SM7250-AC)
Affected: Snapdragon 778G 5G Mobile Platform
Affected: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)
Affected: Snapdragon 780G 5G Mobile Platform
Affected: Snapdragon 782G Mobile Platform (SM7325-AF)
Affected: Snapdragon 7c+ Gen 3 Compute
Affected: Snapdragon 8 Gen 1 Mobile Platform
Affected: Snapdragon 8 Gen 2 Mobile Platform
Affected: Snapdragon 8 Gen 3 Mobile Platform
Affected: Snapdragon 8+ Gen 1 Mobile Platform
Affected: Snapdragon 8+ Gen 2 Mobile Platform
Affected: Snapdragon 855 Mobile Platform
Affected: Snapdragon 855+/860 Mobile Platform (SM8150-AC)
Affected: Snapdragon 865 5G Mobile Platform
Affected: Snapdragon 865+ 5G Mobile Platform (SM8250-AB)
Affected: Snapdragon 870 5G Mobile Platform (SM8250-AC)
Affected: Snapdragon 888 5G Mobile Platform
Affected: Snapdragon 888+ 5G Mobile Platform (SM8350-AC)
Affected: Snapdragon AR1 Gen 1 Platform
Affected: Snapdragon AR1 Gen 1 Platform "Luna1"
Affected: Snapdragon AR2 Gen 1 Platform
Affected: Snapdragon Auto 5G Modem-RF
Affected: Snapdragon Auto 5G Modem-RF Gen 2
Affected: Snapdragon W5+ Gen 1 Wearable Platform
Affected: Snapdragon X12 LTE Modem
Affected: Snapdragon X32 5G Modem-RF System
Affected: Snapdragon X35 5G Modem-RF System
Affected: Snapdragon X50 5G Modem-RF System
Affected: Snapdragon X55 5G Modem-RF System
Affected: Snapdragon X62 5G Modem-RF System
Affected: Snapdragon X65 5G Modem-RF System
Affected: Snapdragon X72 5G Modem-RF System
Affected: Snapdragon X75 5G Modem-RF System
Affected: Snapdragon XR2 5G Platform
Affected: Snapdragon XR2+ Gen 1 Platform
Affected: Snapdragon Auto 4G Modem
Affected: SRV1H
Affected: SRV1L
Affected: SRV1M
Affected: SSG2115P
Affected: SSG2125P
Affected: SW-only
Affected: SW5100
Affected: SW5100P
Affected: SXR1230P
Affected: SXR2130
Affected: SXR2230P
Affected: SXR2250P
Affected: SXR2330P
Affected: TalynPlus
Affected: Vision Intelligence 400 Platform
Affected: WCD9326
Affected: WCD9335
Affected: WCD9340
Affected: WCD9341
Affected: WCD9360
Affected: WCD9370
Affected: WCD9371
Affected: WCD9375
Affected: WCD9378
Affected: WCD9380
Affected: WCD9385
Affected: WCD9390
Affected: WCD9395
Affected: WCN3615
Affected: WCN3660B
Affected: WCN3680
Affected: WCN3680B
Affected: WCN3910
Affected: WCN3950
Affected: WCN3980
Affected: WCN3988
Affected: WCN3990
Affected: WCN6450
Affected: WCN6650
Affected: WCN6740
Affected: WCN6755
Affected: WCN7750
Affected: WCN7860
Affected: WCN7861
Affected: WCN7880
Affected: WCN7881
Affected: WSA8810
Affected: WSA8815
Affected: WSA8830
Affected: WSA8832
Affected: WSA8835
Affected: WSA8840
Affected: WSA8845
Affected: WSA8845H
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27042",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-08T14:15:31.590308Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-08T14:16:03.369Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Auto",
            "Snapdragon CCW",
            "Snapdragon Compute",
            "Snapdragon Connectivity",
            "Snapdragon Consumer IOT",
            "Snapdragon Industrial IOT",
            "Snapdragon Mobile",
            "Snapdragon Small Cell",
            "Snapdragon Voice \u0026 Music",
            "Snapdragon WBC",
            "Snapdragon Wearables",
            "Snapdragon Wired Infrastructure and Networking"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "315 5G IoT Modem"
            },
            {
              "status": "affected",
              "version": "AQT1000"
            },
            {
              "status": "affected",
              "version": "AR8031"
            },
            {
              "status": "affected",
              "version": "AR8035"
            },
            {
              "status": "affected",
              "version": "C-V2X 9150"
            },
            {
              "status": "affected",
              "version": "CSR8811"
            },
            {
              "status": "affected",
              "version": "CSRA6620"
            },
            {
              "status": "affected",
              "version": "CSRA6640"
            },
            {
              "status": "affected",
              "version": "FastConnect 6200"
            },
            {
              "status": "affected",
              "version": "FastConnect 6700"
            },
            {
              "status": "affected",
              "version": "FastConnect 6800"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "Flight RB5 5G Platform"
            },
            {
              "status": "affected",
              "version": "FSM10055"
            },
            {
              "status": "affected",
              "version": "FSM10056"
            },
            {
              "status": "affected",
              "version": "FSM20055"
            },
            {
              "status": "affected",
              "version": "FSM20056"
            },
            {
              "status": "affected",
              "version": "Immersive Home 214 Platform"
            },
            {
              "status": "affected",
              "version": "Immersive Home 216 Platform"
            },
            {
              "status": "affected",
              "version": "Immersive Home 316 Platform"
            },
            {
              "status": "affected",
              "version": "Immersive Home 318 Platform"
            },
            {
              "status": "affected",
              "version": "Immersive Home 3210 Platform"
            },
            {
              "status": "affected",
              "version": "Immersive Home 326 Platform"
            },
            {
              "status": "affected",
              "version": "IPQ5010"
            },
            {
              "status": "affected",
              "version": "IPQ5302"
            },
            {
              "status": "affected",
              "version": "IPQ5312"
            },
            {
              "status": "affected",
              "version": "IPQ5332"
            },
            {
              "status": "affected",
              "version": "IPQ5424"
            },
            {
              "status": "affected",
              "version": "IPQ6018"
            },
            {
              "status": "affected",
              "version": "IPQ8070A"
            },
            {
              "status": "affected",
              "version": "IPQ8071A"
            },
            {
              "status": "affected",
              "version": "IPQ8072A"
            },
            {
              "status": "affected",
              "version": "IPQ8074A"
            },
            {
              "status": "affected",
              "version": "IPQ8076"
            },
            {
              "status": "affected",
              "version": "IPQ8076A"
            },
            {
              "status": "affected",
              "version": "IPQ8078"
            },
            {
              "status": "affected",
              "version": "IPQ8078A"
            },
            {
              "status": "affected",
              "version": "IPQ8173"
            },
            {
              "status": "affected",
              "version": "IPQ8174"
            },
            {
              "status": "affected",
              "version": "IPQ9008"
            },
            {
              "status": "affected",
              "version": "IPQ9048"
            },
            {
              "status": "affected",
              "version": "IPQ9554"
            },
            {
              "status": "affected",
              "version": "IPQ9570"
            },
            {
              "status": "affected",
              "version": "IPQ9574"
            },
            {
              "status": "affected",
              "version": "MDM9628"
            },
            {
              "status": "affected",
              "version": "QAM8255P"
            },
            {
              "status": "affected",
              "version": "QAM8295P"
            },
            {
              "status": "affected",
              "version": "QAM8620P"
            },
            {
              "status": "affected",
              "version": "QAM8650P"
            },
            {
              "status": "affected",
              "version": "QAM8775P"
            },
            {
              "status": "affected",
              "version": "QAMSRV1H"
            },
            {
              "status": "affected",
              "version": "QAMSRV1M"
            },
            {
              "status": "affected",
              "version": "QCA0000"
            },
            {
              "status": "affected",
              "version": "QCA4024"
            },
            {
              "status": "affected",
              "version": "QCA6174A"
            },
            {
              "status": "affected",
              "version": "QCA6391"
            },
            {
              "status": "affected",
              "version": "QCA6420"
            },
            {
              "status": "affected",
              "version": "QCA6426"
            },
            {
              "status": "affected",
              "version": "QCA6430"
            },
            {
              "status": "affected",
              "version": "QCA6436"
            },
            {
              "status": "affected",
              "version": "QCA6564"
            },
            {
              "status": "affected",
              "version": "QCA6564A"
            },
            {
              "status": "affected",
              "version": "QCA6564AU"
            },
            {
              "status": "affected",
              "version": "QCA6574"
            },
            {
              "status": "affected",
              "version": "QCA6574A"
            },
            {
              "status": "affected",
              "version": "QCA6574AU"
            },
            {
              "status": "affected",
              "version": "QCA6584AU"
            },
            {
              "status": "affected",
              "version": "QCA6595"
            },
            {
              "status": "affected",
              "version": "QCA6595AU"
            },
            {
              "status": "affected",
              "version": "QCA6678AQ"
            },
            {
              "status": "affected",
              "version": "QCA6688AQ"
            },
            {
              "status": "affected",
              "version": "QCA6696"
            },
            {
              "status": "affected",
              "version": "QCA6698AQ"
            },
            {
              "status": "affected",
              "version": "QCA6698AU"
            },
            {
              "status": "affected",
              "version": "QCA6797AQ"
            },
            {
              "status": "affected",
              "version": "QCA8072"
            },
            {
              "status": "affected",
              "version": "QCA8075"
            },
            {
              "status": "affected",
              "version": "QCA8080"
            },
            {
              "status": "affected",
              "version": "QCA8081"
            },
            {
              "status": "affected",
              "version": "QCA8082"
            },
            {
              "status": "affected",
              "version": "QCA8084"
            },
            {
              "status": "affected",
              "version": "QCA8085"
            },
            {
              "status": "affected",
              "version": "QCA8101"
            },
            {
              "status": "affected",
              "version": "QCA8337"
            },
            {
              "status": "affected",
              "version": "QCA8384"
            },
            {
              "status": "affected",
              "version": "QCA8385"
            },
            {
              "status": "affected",
              "version": "QCA8386"
            },
            {
              "status": "affected",
              "version": "QCA9367"
            },
            {
              "status": "affected",
              "version": "QCA9377"
            },
            {
              "status": "affected",
              "version": "QCA9888"
            },
            {
              "status": "affected",
              "version": "QCA9889"
            },
            {
              "status": "affected",
              "version": "QCC710"
            },
            {
              "status": "affected",
              "version": "QCF8000"
            },
            {
              "status": "affected",
              "version": "QCF8000SFP"
            },
            {
              "status": "affected",
              "version": "QCF8001"
            },
            {
              "status": "affected",
              "version": "QCM2150"
            },
            {
              "status": "affected",
              "version": "QCM2290"
            },
            {
              "status": "affected",
              "version": "QCM4290"
            },
            {
              "status": "affected",
              "version": "QCM4325"
            },
            {
              "status": "affected",
              "version": "QCM4490"
            },
            {
              "status": "affected",
              "version": "QCM5430"
            },
            {
              "status": "affected",
              "version": "QCM6125"
            },
            {
              "status": "affected",
              "version": "QCM6490"
            },
            {
              "status": "affected",
              "version": "QCM8550"
            },
            {
              "status": "affected",
              "version": "QCN5022"
            },
            {
              "status": "affected",
              "version": "QCN5024"
            },
            {
              "status": "affected",
              "version": "QCN5052"
            },
            {
              "status": "affected",
              "version": "QCN5054"
            },
            {
              "status": "affected",
              "version": "QCN5122"
            },
            {
              "status": "affected",
              "version": "QCN5124"
            },
            {
              "status": "affected",
              "version": "QCN5152"
            },
            {
              "status": "affected",
              "version": "QCN5154"
            },
            {
              "status": "affected",
              "version": "QCN5164"
            },
            {
              "status": "affected",
              "version": "QCN5224"
            },
            {
              "status": "affected",
              "version": "QCN6023"
            },
            {
              "status": "affected",
              "version": "QCN6024"
            },
            {
              "status": "affected",
              "version": "QCN6100"
            },
            {
              "status": "affected",
              "version": "QCN6102"
            },
            {
              "status": "affected",
              "version": "QCN6112"
            },
            {
              "status": "affected",
              "version": "QCN6122"
            },
            {
              "status": "affected",
              "version": "QCN6132"
            },
            {
              "status": "affected",
              "version": "QCN6224"
            },
            {
              "status": "affected",
              "version": "QCN6274"
            },
            {
              "status": "affected",
              "version": "QCN6402"
            },
            {
              "status": "affected",
              "version": "QCN6412"
            },
            {
              "status": "affected",
              "version": "QCN6422"
            },
            {
              "status": "affected",
              "version": "QCN6432"
            },
            {
              "status": "affected",
              "version": "QCN9000"
            },
            {
              "status": "affected",
              "version": "QCN9001"
            },
            {
              "status": "affected",
              "version": "QCN9002"
            },
            {
              "status": "affected",
              "version": "QCN9003"
            },
            {
              "status": "affected",
              "version": "QCN9011"
            },
            {
              "status": "affected",
              "version": "QCN9012"
            },
            {
              "status": "affected",
              "version": "QCN9024"
            },
            {
              "status": "affected",
              "version": "QCN9070"
            },
            {
              "status": "affected",
              "version": "QCN9072"
            },
            {
              "status": "affected",
              "version": "QCN9074"
            },
            {
              "status": "affected",
              "version": "QCN9274"
            },
            {
              "status": "affected",
              "version": "QCS2290"
            },
            {
              "status": "affected",
              "version": "QCS410"
            },
            {
              "status": "affected",
              "version": "QCS4290"
            },
            {
              "status": "affected",
              "version": "QCS4490"
            },
            {
              "status": "affected",
              "version": "QCS5430"
            },
            {
              "status": "affected",
              "version": "QCS610"
            },
            {
              "status": "affected",
              "version": "QCS6125"
            },
            {
              "status": "affected",
              "version": "QCS615"
            },
            {
              "status": "affected",
              "version": "QCS6490"
            },
            {
              "status": "affected",
              "version": "QCS7230"
            },
            {
              "status": "affected",
              "version": "QCS8155"
            },
            {
              "status": "affected",
              "version": "QCS8250"
            },
            {
              "status": "affected",
              "version": "QCS8300"
            },
            {
              "status": "affected",
              "version": "QCS8550"
            },
            {
              "status": "affected",
              "version": "QCS9100"
            },
            {
              "status": "affected",
              "version": "QDU1000"
            },
            {
              "status": "affected",
              "version": "QDU1010"
            },
            {
              "status": "affected",
              "version": "QDU1110"
            },
            {
              "status": "affected",
              "version": "QDU1210"
            },
            {
              "status": "affected",
              "version": "QDX1010"
            },
            {
              "status": "affected",
              "version": "QDX1011"
            },
            {
              "status": "affected",
              "version": "QEP8111"
            },
            {
              "status": "affected",
              "version": "QFW7114"
            },
            {
              "status": "affected",
              "version": "QFW7124"
            },
            {
              "status": "affected",
              "version": "QMP1000"
            },
            {
              "status": "affected",
              "version": "QRB5165M"
            },
            {
              "status": "affected",
              "version": "QRB5165N"
            },
            {
              "status": "affected",
              "version": "QRU1032"
            },
            {
              "status": "affected",
              "version": "QRU1052"
            },
            {
              "status": "affected",
              "version": "QRU1062"
            },
            {
              "status": "affected",
              "version": "QSM8250"
            },
            {
              "status": "affected",
              "version": "QSM8350"
            },
            {
              "status": "affected",
              "version": "Qualcomm 215 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC1 Platform"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC3 Platform"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC5 Platform"
            },
            {
              "status": "affected",
              "version": "Robotics RB2 Platform"
            },
            {
              "status": "affected",
              "version": "Robotics RB5 Platform"
            },
            {
              "status": "affected",
              "version": "SA2150P"
            },
            {
              "status": "affected",
              "version": "SA4150P"
            },
            {
              "status": "affected",
              "version": "SA4155P"
            },
            {
              "status": "affected",
              "version": "SA6145P"
            },
            {
              "status": "affected",
              "version": "SA6150P"
            },
            {
              "status": "affected",
              "version": "SA6155"
            },
            {
              "status": "affected",
              "version": "SA6155P"
            },
            {
              "status": "affected",
              "version": "SA7255P"
            },
            {
              "status": "affected",
              "version": "SA7775P"
            },
            {
              "status": "affected",
              "version": "SA8145P"
            },
            {
              "status": "affected",
              "version": "SA8150P"
            },
            {
              "status": "affected",
              "version": "SA8155"
            },
            {
              "status": "affected",
              "version": "SA8155P"
            },
            {
              "status": "affected",
              "version": "SA8195P"
            },
            {
              "status": "affected",
              "version": "SA8255P"
            },
            {
              "status": "affected",
              "version": "SA8295P"
            },
            {
              "status": "affected",
              "version": "SA8530P"
            },
            {
              "status": "affected",
              "version": "SA8540P"
            },
            {
              "status": "affected",
              "version": "SA8620P"
            },
            {
              "status": "affected",
              "version": "SA8650P"
            },
            {
              "status": "affected",
              "version": "SA8770P"
            },
            {
              "status": "affected",
              "version": "SA8775P"
            },
            {
              "status": "affected",
              "version": "SA9000P"
            },
            {
              "status": "affected",
              "version": "SD 675"
            },
            {
              "status": "affected",
              "version": "SD 8 Gen1 5G"
            },
            {
              "status": "affected",
              "version": "SD660"
            },
            {
              "status": "affected",
              "version": "SD675"
            },
            {
              "status": "affected",
              "version": "SD730"
            },
            {
              "status": "affected",
              "version": "SD855"
            },
            {
              "status": "affected",
              "version": "SD865 5G"
            },
            {
              "status": "affected",
              "version": "SD888"
            },
            {
              "status": "affected",
              "version": "SDX55"
            },
            {
              "status": "affected",
              "version": "SDX61"
            },
            {
              "status": "affected",
              "version": "SDX65M"
            },
            {
              "status": "affected",
              "version": "SG4150P"
            },
            {
              "status": "affected",
              "version": "SG8275P"
            },
            {
              "status": "affected",
              "version": "SM4125"
            },
            {
              "status": "affected",
              "version": "SM4635"
            },
            {
              "status": "affected",
              "version": "SM6250"
            },
            {
              "status": "affected",
              "version": "SM6370"
            },
            {
              "status": "affected",
              "version": "SM6650"
            },
            {
              "status": "affected",
              "version": "SM6650P"
            },
            {
              "status": "affected",
              "version": "SM7250P"
            },
            {
              "status": "affected",
              "version": "SM7315"
            },
            {
              "status": "affected",
              "version": "SM7325P"
            },
            {
              "status": "affected",
              "version": "SM7635"
            },
            {
              "status": "affected",
              "version": "SM7635P"
            },
            {
              "status": "affected",
              "version": "SM7675"
            },
            {
              "status": "affected",
              "version": "SM7675P"
            },
            {
              "status": "affected",
              "version": "SM8550P"
            },
            {
              "status": "affected",
              "version": "SM8635"
            },
            {
              "status": "affected",
              "version": "SM8635P"
            },
            {
              "status": "affected",
              "version": "SM8650Q"
            },
            {
              "status": "affected",
              "version": "SM8735"
            },
            {
              "status": "affected",
              "version": "SM8750"
            },
            {
              "status": "affected",
              "version": "SM8750P"
            },
            {
              "status": "affected",
              "version": "Smart Audio 400 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 4 Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 4 Gen 2 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 439 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 460 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 480 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 660 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 662 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 675 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 678 Mobile Platform (SM6150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 680 4G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 685 4G Mobile Platform (SM6225-AD)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 690 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 695 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 720G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 730 Mobile Platform (SM7150-AA)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 730G Mobile Platform (SM7150-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 732G Mobile Platform (SM7150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 750G 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 778G 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 780G 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 782G Mobile Platform (SM7325-AF)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 7c+ Gen 3 Compute"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 2 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 3 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8+ Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8+ Gen 2 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 855 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 855+/860 Mobile Platform (SM8150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 865 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 888 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR1 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
            },
            {
              "status": "affected",
              "version": "Snapdragon AR2 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 5G Modem-RF"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 5G Modem-RF Gen 2"
            },
            {
              "status": "affected",
              "version": "Snapdragon W5+ Gen 1 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X12 LTE Modem"
            },
            {
              "status": "affected",
              "version": "Snapdragon X32 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X35 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X50 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X55 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X62 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X65 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X72 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X75 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon XR2 5G Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon XR2+ Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 4G Modem"
            },
            {
              "status": "affected",
              "version": "SRV1H"
            },
            {
              "status": "affected",
              "version": "SRV1L"
            },
            {
              "status": "affected",
              "version": "SRV1M"
            },
            {
              "status": "affected",
              "version": "SSG2115P"
            },
            {
              "status": "affected",
              "version": "SSG2125P"
            },
            {
              "status": "affected",
              "version": "SW-only"
            },
            {
              "status": "affected",
              "version": "SW5100"
            },
            {
              "status": "affected",
              "version": "SW5100P"
            },
            {
              "status": "affected",
              "version": "SXR1230P"
            },
            {
              "status": "affected",
              "version": "SXR2130"
            },
            {
              "status": "affected",
              "version": "SXR2230P"
            },
            {
              "status": "affected",
              "version": "SXR2250P"
            },
            {
              "status": "affected",
              "version": "SXR2330P"
            },
            {
              "status": "affected",
              "version": "TalynPlus"
            },
            {
              "status": "affected",
              "version": "Vision Intelligence 400 Platform"
            },
            {
              "status": "affected",
              "version": "WCD9326"
            },
            {
              "status": "affected",
              "version": "WCD9335"
            },
            {
              "status": "affected",
              "version": "WCD9340"
            },
            {
              "status": "affected",
              "version": "WCD9341"
            },
            {
              "status": "affected",
              "version": "WCD9360"
            },
            {
              "status": "affected",
              "version": "WCD9370"
            },
            {
              "status": "affected",
              "version": "WCD9371"
            },
            {
              "status": "affected",
              "version": "WCD9375"
            },
            {
              "status": "affected",
              "version": "WCD9378"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCD9385"
            },
            {
              "status": "affected",
              "version": "WCD9390"
            },
            {
              "status": "affected",
              "version": "WCD9395"
            },
            {
              "status": "affected",
              "version": "WCN3615"
            },
            {
              "status": "affected",
              "version": "WCN3660B"
            },
            {
              "status": "affected",
              "version": "WCN3680"
            },
            {
              "status": "affected",
              "version": "WCN3680B"
            },
            {
              "status": "affected",
              "version": "WCN3910"
            },
            {
              "status": "affected",
              "version": "WCN3950"
            },
            {
              "status": "affected",
              "version": "WCN3980"
            },
            {
              "status": "affected",
              "version": "WCN3988"
            },
            {
              "status": "affected",
              "version": "WCN3990"
            },
            {
              "status": "affected",
              "version": "WCN6450"
            },
            {
              "status": "affected",
              "version": "WCN6650"
            },
            {
              "status": "affected",
              "version": "WCN6740"
            },
            {
              "status": "affected",
              "version": "WCN6755"
            },
            {
              "status": "affected",
              "version": "WCN7750"
            },
            {
              "status": "affected",
              "version": "WCN7860"
            },
            {
              "status": "affected",
              "version": "WCN7861"
            },
            {
              "status": "affected",
              "version": "WCN7880"
            },
            {
              "status": "affected",
              "version": "WCN7881"
            },
            {
              "status": "affected",
              "version": "WSA8810"
            },
            {
              "status": "affected",
              "version": "WSA8815"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8832"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            },
            {
              "status": "affected",
              "version": "WSA8840"
            },
            {
              "status": "affected",
              "version": "WSA8845"
            },
            {
              "status": "affected",
              "version": "WSA8845H"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption while processing video packets received from video firmware."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131 Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-08T12:49:04.998Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html"
        }
      ],
      "title": "Incorrect Calculation of Buffer Size in Video"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2025-27042",
    "datePublished": "2025-07-08T12:49:04.998Z",
    "dateReserved": "2025-02-18T09:19:46.883Z",
    "dateUpdated": "2025-07-08T14:16:03.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1861 (GCVE-0-2025-1861)

Vulnerability from cvelistv5 – Published: 2025-03-30 05:57 – Updated: 2025-11-03 20:57
VLAI
Title
Stream HTTP wrapper truncates redirect location to 1024 bytes
Summary
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-131 - Incorrect Calculation of Buffer Size
Assigner
php
Impacted products
Vendor Product Version
PHP Group PHP Affected: 8.1.* , < 8.1.32 (semver)
Affected: 8.2.* , < 8.2.28 (semver)
Affected: 8.3.* , < 8.3.19 (semver)
Affected: 8.4.* , < 8.4.5 (semver)
Create a notification for this product.
Date Public
2025-03-23 17:44
Credits
Jakub Zelenka
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1861",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-31T12:55:53.101020Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-31T12:56:00.966Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:57:13.769Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250523-0005/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThan": "8.1.32",
              "status": "affected",
              "version": "8.1.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.2.28",
              "status": "affected",
              "version": "8.2.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.3.19",
              "status": "affected",
              "version": "8.3.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.4.5",
              "status": "affected",
              "version": "8.4.*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jakub Zelenka"
        }
      ],
      "datePublic": "2025-03-23T17:44:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-220",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-220 Client-Server Protocol Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131 Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-30T05:57:57.894Z",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "url": "https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff"
        }
      ],
      "source": {
        "advisory": "https://github.com/php/php-src/security/advisories/GHSA-52jp-hrp",
        "discovery": "INTERNAL"
      },
      "title": "Stream HTTP wrapper truncates redirect location to 1024 bytes",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2025-1861",
    "datePublished": "2025-03-30T05:57:57.894Z",
    "dateReserved": "2025-03-03T04:47:51.192Z",
    "dateUpdated": "2025-11-03T20:57:13.769Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-0395 (GCVE-0-2025-0395)

Vulnerability from cvelistv5 – Published: 2025-01-22 13:11 – Updated: 2026-05-12 12:02
VLAI
Summary
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-131 - Incorrect Calculation of Buffer Size
Assigner
Impacted products
Vendor Product Version
The GNU C Library glibc Affected: 2.13 , ≤ 2.40 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX MX5000 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX MX5000RE Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX RX1400 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX RX1500 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX RX1501 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX RX1510 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX RX1511 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX RX1512 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX RX1524 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX RX1536 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX RX5000 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.0 , < V3.1.5 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP Affected: V3.1.0 , < V3.1.5 (custom)
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.0 , < V3.1.5 (custom)
Create a notification for this product.
Credits
Qualys Security Advisory
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-30T05:03:13.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/01/22/4"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/01/23/2"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250228-0006/"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/13/1"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/24/7"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00039.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.2,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-0395",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-04T20:45:32.215090Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-04T20:45:35.724Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX MX5000",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX MX5000RE",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1400",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1500",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1501",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1510",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1511",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1512",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1524",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1536",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX5000",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.1.5",
                "status": "affected",
                "version": "V3.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.1.5",
                "status": "affected",
                "version": "V3.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.1.5",
                "status": "affected",
                "version": "V3.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.1.5",
                "status": "affected",
                "version": "V3.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.1.5",
                "status": "affected",
                "version": "V3.1.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:02:14.596Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "glibc",
          "vendor": "The GNU C Library",
          "versions": [
            {
              "lessThanOrEqual": "2.40",
              "status": "affected",
              "version": "2.13",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Qualys Security Advisory"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.\u003cbr\u003e"
            }
          ],
          "value": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131 Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-22T15:29:51.366Z",
        "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
        "shortName": "glibc"
      },
      "references": [
        {
          "url": "https://www.openwall.com/lists/oss-security/2025/01/22/4"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32582"
        },
        {
          "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001"
        },
        {
          "url": "https://sourceware.org/pipermail/libc-announce/2025/000044.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
    "assignerShortName": "glibc",
    "cveId": "CVE-2025-0395",
    "datePublished": "2025-01-22T13:11:30.406Z",
    "dateReserved": "2025-01-11T15:00:14.787Z",
    "dateUpdated": "2026-05-12T12:02:14.596Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-45287 (GCVE-0-2024-45287)

Vulnerability from cvelistv5 – Published: 2024-09-05 03:18 – Updated: 2024-09-26 15:03
VLAI
Title
Multiple vulnerabilities in libnv
Summary
A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-131 - Incorrect Calculation of Buffer Size
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
FreeBSD FreeBSD Affected: 14.1-RELEASE , < p4 (release)
Affected: 14.0-RELEASE , < p10 (release)
Affected: 13.3-RELEASE , < p6 (release)
Create a notification for this product.
freebsd freebsd Affected: 14.1 , < 14.1_p4 (custom)
Affected: 14.0 , < 14.0_p10 (custom)
Affected: 13.3 , < 13.3_p6 (custom)
    cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-09-04 23:37
Credits
Synacktiv Taylor R Campbell (NetBSD)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "freebsd",
            "vendor": "freebsd",
            "versions": [
              {
                "lessThan": "14.1_p4",
                "status": "affected",
                "version": "14.1",
                "versionType": "custom"
              },
              {
                "lessThan": "14.0_p10",
                "status": "affected",
                "version": "14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.3_p6",
                "status": "affected",
                "version": "13.3",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-45287",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-05T13:16:32.402606Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-05T13:16:36.226Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-26T15:03:11.171Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20240926-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "libnv"
          ],
          "product": "FreeBSD",
          "vendor": "FreeBSD",
          "versions": [
            {
              "lessThan": "p4",
              "status": "affected",
              "version": "14.1-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "p10",
              "status": "affected",
              "version": "14.0-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "p6",
              "status": "affected",
              "version": "13.3-RELEASE",
              "versionType": "release"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Synacktiv"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Taylor R Campbell (NetBSD)"
        }
      ],
      "datePublic": "2024-09-04T23:37:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131 Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-05T03:18:16.076Z",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:09.libnv.asc"
        }
      ],
      "title": "Multiple vulnerabilities in libnv"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2024-45287",
    "datePublished": "2024-09-05T03:18:16.076Z",
    "dateReserved": "2024-08-26T14:20:00.870Z",
    "dateUpdated": "2024-09-26T15:03:11.171Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39808 (GCVE-0-2024-39808)

Vulnerability from cvelistv5 – Published: 2024-09-11 04:03 – Updated: 2024-09-11 13:36
VLAI
Summary
Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 and Controller 7000 OSDP message handling, allows an attacker with physical access to Controller wiring to instigate a reboot leading to a denial of service. This issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-131 - Incorrect Calculation of Buffer Size
Assigner
Impacted products
Vendor Product Version
Gallagher Controller 6000 and Controller 7000 Affected: 0 , ≤ 8.70 (custom)
Affected: 9.10 , < vCR9.10.240816a (custom)
Affected: 9.00 , < vCR9.00.240816a (custom)
Affected: 8.90 , < vCR8.90.240816a (custom)
Affected: 8.80 , < vCR8.80.240816b (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39808",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T13:36:21.512949Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T13:36:30.656Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Controller 6000 and Controller 7000",
          "vendor": "Gallagher",
          "versions": [
            {
              "lessThanOrEqual": "8.70",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "vCR9.10.240816a",
              "status": "affected",
              "version": "9.10",
              "versionType": "custom"
            },
            {
              "lessThan": "vCR9.00.240816a",
              "status": "affected",
              "version": "9.00",
              "versionType": "custom"
            },
            {
              "lessThan": "vCR8.90.240816a",
              "status": "affected",
              "version": "8.90",
              "versionType": "custom"
            },
            {
              "lessThan": "vCR8.80.240816b",
              "status": "affected",
              "version": "8.80",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 and Controller 7000 OSDP message handling, allows an attacker with physical access to Controller wiring to instigate a reboot leading to a denial of service. \u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\u003cb\u003eThis issue affects:\u003c/b\u003e Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior."
            }
          ],
          "value": "Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 and Controller 7000 OSDP message handling, allows an attacker with physical access to Controller wiring to instigate a reboot leading to a denial of service. \n\n\n\nThis issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131 Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-11T04:03:50.955Z",
        "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
        "shortName": "Gallagher"
      },
      "references": [
        {
          "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-39808"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
    "assignerShortName": "Gallagher",
    "cveId": "CVE-2024-39808",
    "datePublished": "2024-09-11T04:03:50.955Z",
    "dateReserved": "2024-08-28T02:46:11.085Z",
    "dateUpdated": "2024-09-11T13:36:30.656Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-30405 (GCVE-0-2024-30405)

Vulnerability from cvelistv5 – Published: 2024-04-12 15:04 – Updated: 2024-08-12 17:24
VLAI
Title
Junos OS: SRX 5000 Series with SPC2: Processing of specific crafted packets when ALG is enabled causes a transit traffic Denial of Service
Summary
An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. This issue affects: Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled. * All versions earlier than 21.2R3-S7; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-131 - Incorrect Calculation of Buffer Size
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 0 , < 21.2R3-S7 (semver)
Affected: 21.4 , < 21.4R3-S6 (semver)
Affected: 22.1 , < 22.1R3-S5 (semver)
Affected: 22.2 , < 22.2R3-S3 (semver)
Affected: 22.3 , < 22.3R3-S2 (semver)
Affected: 22.4 , < 22.4R3 (semver)
Affected: 23.2 , < 23.2R2 (semver)
Create a notification for this product.
juniper junos Affected: 0 , < 21.2r3-s7 (semver)
Affected: 21.4 , < 21.4r3-s6 (semver)
Affected: 22.1 , < 22.1r3-s5 (semver)
Affected: 22.2 , < 22.2r3-s3 (semver)
Affected: 22.3 , < 22.3r3-s2 (semver)
Affected: 22.4 , < 22.4r3 (semver)
Affected: 23.2 , < 23.2r2 (semver)
    cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-04-10 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:32:07.230Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA79105"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "junos",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "21.2r3-s7",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "21.4r3-s6",
                "status": "affected",
                "version": "21.4",
                "versionType": "semver"
              },
              {
                "lessThan": "22.1r3-s5",
                "status": "affected",
                "version": "22.1",
                "versionType": "semver"
              },
              {
                "lessThan": "22.2r3-s3",
                "status": "affected",
                "version": "22.2",
                "versionType": "semver"
              },
              {
                "lessThan": "22.3r3-s2",
                "status": "affected",
                "version": "22.3",
                "versionType": "semver"
              },
              {
                "lessThan": "22.4r3",
                "status": "affected",
                "version": "22.4",
                "versionType": "semver"
              },
              {
                "lessThan": "23.2r2",
                "status": "affected",
                "version": "23.2",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-30405",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-12T20:34:45.487020Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T17:24:28.664Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "SRX 5000 Series with SPC2"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.2R3-S7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S6",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S5",
              "status": "affected",
              "version": "22.1",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S3",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S2",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following minimum configuration is required to be exposed to the issue:\u003c/p\u003e\u003cp\u003e\u0026nbsp; [security alg]\u003cbr\u003e\u003c/p\u003e\u003cp\u003e \u003c/p\u003e"
            }
          ],
          "value": "The following minimum configuration is required to be exposed to the issue:\n\n\u00a0 [security alg]"
        }
      ],
      "datePublic": "2024-04-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eContinued receipt and processing of these specific packets will sustain the Denial of Service condition.\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003eJuniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled.\u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 21.2R3-S7;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S6;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S5;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S3;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R3-S2;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R3;\u003c/li\u003e\u003cli\u003e23.2 versions earlier than 23.2R2.\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS).\n\nContinued receipt and processing of these specific packets will sustain the Denial of Service condition.\n\nThis issue affects:\nJuniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled.\n  *  All versions earlier than 21.2R3-S7;\n  *  21.4 versions earlier than 21.4R3-S6;\n  *  22.1 versions earlier than 22.1R3-S5;\n  *  22.2 versions earlier than 22.2R3-S3;\n  *  22.3 versions earlier than 22.3R3-S2;\n  *  22.4 versions earlier than 22.4R3;\n  *  23.2 versions earlier than 23.2R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131 Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-16T20:37:47.854Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA79105"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u0026nbsp;21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e23.4R1, and all subsequent releases.\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue:\u00a021.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA79105",
        "defect": [
          "1750148"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-10T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Junos OS: SRX 5000 Series with SPC2: Processing of specific crafted packets when ALG is enabled causes a transit traffic Denial of Service",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere are no known workarounds for this issue other than reducing risk by disabling as many ALGs as possible until the device can be upgraded.\u003c/p\u003e"
            }
          ],
          "value": "There are no known workarounds for this issue other than reducing risk by disabling as many ALGs as possible until the device can be upgraded."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-av217"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-30405",
    "datePublished": "2024-04-12T15:04:23.911Z",
    "dateReserved": "2024-03-26T23:06:19.981Z",
    "dateUpdated": "2024-08-12T17:24:28.664Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-28052 (GCVE-0-2024-28052)

Vulnerability from cvelistv5 – Published: 2024-10-30 13:35 – Updated: 2024-10-30 15:03
VLAI
Summary
The WBR-6012 is a wireless SOHO router. It is a low-cost device which functions as an internet gateway for homes and small offices while aiming to be easy to configure and operate. In addition to providing a WiFi access point, the device serves as a 4-port wired router and implements a variety of common SOHO router capabilities such as port forwarding, quality-of-service, web-based administration, a DHCP server, a basic DMZ, and UPnP capabilities.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-131 - Incorrect Calculation of Buffer Size
Assigner
Impacted products
Vendor Product Version
LevelOne WBR-6012 Affected: R0.40e6
Create a notification for this product.
levelone wbr-6012 Affected: R0.40e6
    cpe:2.3:a:levelone:wbr-6012:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Discovered by Patrick DeSantis and Francesco Benvenuto of Cisco Talos.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:levelone:wbr-6012:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wbr-6012",
            "vendor": "levelone",
            "versions": [
              {
                "status": "affected",
                "version": "R0.40e6"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28052",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T14:41:00.559644Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T14:41:27.468Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:03:07.955Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1997"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WBR-6012",
          "vendor": "LevelOne",
          "versions": [
            {
              "status": "affected",
              "version": "R0.40e6"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Discovered by Patrick DeSantis and Francesco Benvenuto of Cisco Talos."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WBR-6012 is a wireless SOHO router. It is a low-cost device which functions as an internet gateway for homes and small offices while aiming to be easy to configure and operate. In addition to providing a WiFi access point, the device serves as a 4-port wired router and implements a variety of common SOHO router capabilities such as port forwarding, quality-of-service, web-based administration, a DHCP server, a basic DMZ, and UPnP capabilities."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131: Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-30T13:35:14.618Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1997",
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1997"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2024-28052",
    "datePublished": "2024-10-30T13:35:14.618Z",
    "dateReserved": "2024-05-06T19:46:01.544Z",
    "dateUpdated": "2024-10-30T15:03:07.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23805 (GCVE-0-2024-23805)

Vulnerability from cvelistv5 – Published: 2024-02-14 16:30 – Updated: 2025-05-12 15:06
VLAI
Title
F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability
Summary
Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. Note: The DB variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743 . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-131 - Incorrect Calculation of Buffer Size
Assigner
f5
References
Impacted products
Vendor Product Version
F5 BIG-IP Affected: 17.1.0 , < 17.1.1 (custom)
Affected: 16.1.0 , < 16.1.4 (custom)
Affected: 15.1.0 , < 15.1.10 (custom)
Create a notification for this product.
Date Public
2024-01-15 00:00
Credits
F5
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:13:08.481Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://my.f5.com/manage/s/article/K000137334"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23805",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-11T12:57:12.670523Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-12T15:06:55.185Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "Advanced WAF",
            "ASM",
            "AVR"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "17.1.1",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "16.1.4",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1.10",
              "status": "affected",
              "version": "15.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "F5"
        }
      ],
      "datePublic": "2024-01-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eUndisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under \u003cstrong\u003eCollected Entities\u003c/strong\u003e\u0026nbsp;is configured on a virtual server and the DB variables \u003cstrong\u003eavr.IncludeServerInURI\u003c/strong\u003e\u0026nbsp;or \u003cstrong\u003eavr.CollectOnlyHostnameFromURI\u003c/strong\u003e\u0026nbsp;are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables \u003cstrong\u003eavr.IncludeServerInURI\u003c/strong\u003e\u0026nbsp;or \u003cstrong\u003eavr.CollectOnlyHostnameFromURI\u003c/strong\u003e\u0026nbsp;are enabled.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: The DB variables \u003cstrong\u003eavr.IncludeServerInURI\u003c/strong\u003e\u0026nbsp;and \u003cstrong\u003eavr.CollectOnlyHostnameFromURI\u003c/strong\u003e\u0026nbsp;are not enabled by default. For more information about the HTTP Analytics profile and the \u003cstrong\u003eCollect URLs\u003c/strong\u003e\u0026nbsp;setting, refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.f5.com/manage/s/article/K30875743\"\u003eK30875743: Create a new Analytics profile and attach it to your virtual servers\u003c/a\u003e.\u003c/p\u003e\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "value": "\nUndisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities\u00a0is configured on a virtual server and the DB variables avr.IncludeServerInURI\u00a0or avr.CollectOnlyHostnameFromURI\u00a0are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI\u00a0or avr.CollectOnlyHostnameFromURI\u00a0are enabled.\n\nNote: The DB variables avr.IncludeServerInURI\u00a0and avr.CollectOnlyHostnameFromURI\u00a0are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs\u00a0setting, refer to  K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743 .\n\n\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131 Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-05T21:45:19.185Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000137334"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2024-23805",
    "datePublished": "2024-02-14T16:30:25.339Z",
    "dateReserved": "2024-02-01T22:13:58.511Z",
    "dateUpdated": "2025-05-12T15:06:55.185Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Implementation

When allocating a buffer for the purpose of transforming, converting, or encoding an input, allocate enough memory to handle the largest possible encoding. For example, in a routine that converts "&" characters to "&amp;" for HTML entity encoding, the output buffer needs to be at least 5 times as large as the input buffer.

Mitigation MIT-36
Implementation
  • Understand the programming language's underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
  • Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.
Mitigation MIT-8
Implementation

Strategy: Input Validation

Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.

Mitigation MIT-15
Architecture and Design

For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

Mitigation
Implementation

When processing structured incoming data containing a size field followed by raw data, identify and resolve any inconsistencies between the size field and the actual size of the data (CWE-130).

Mitigation
Implementation

When allocating memory that uses sentinels to mark the end of a data structure - such as NUL bytes in strings - make sure you also include the sentinel in your calculation of the total amount of memory that must be allocated.

Mitigation MIT-13
Implementation

Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.

Mitigation
Implementation

Use sizeof() on the appropriate data type to avoid CWE-467.

Mitigation
Implementation

Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity. This will simplify validation and will reduce surprises related to unexpected casting.

Mitigation MIT-4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
  • Use libraries or frameworks that make it easier to handle numbers without unexpected consequences, or buffer allocation routines that automatically track buffer size.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
Mitigation MIT-10
Operation Build and Compilation

Strategy: Environment Hardening

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation MIT-11
Operation Build and Compilation

Strategy: Environment Hardening

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation MIT-12
Operation

Strategy: Environment Hardening

  • Use a CPU and operating system that offers Data Execution Protection (using hardware NX or XD bits) or the equivalent techniques that simulate this feature in software, such as PaX [REF-60] [REF-61]. These techniques ensure that any instruction executed is exclusively at a memory address that is part of the code segment.
  • For more information on these techniques see D3-PSEP (Process Segment Execution Prevention) from D3FEND [REF-1336].
Mitigation MIT-26
Implementation

Strategy: Compilation or Build Hardening

Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

Mitigation MIT-22
Architecture and Design Operation

Strategy: Sandbox or Jail

  • Run the code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.
  • OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.
  • This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.
  • Be careful to avoid CWE-243 and other weaknesses related to jails.
CAPEC-100: Overflow Buffers

Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.

CAPEC-47: Buffer Overflow via Parameter Expansion

In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.