GSD-2022-40505
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Information disclosure due to buffer over-read in Modem while parsing DNS hostname.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-40505",
"id": "GSD-2022-40505"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-40505"
],
"details": "Information disclosure due to buffer over-read in Modem while parsing DNS hostname.",
"id": "GSD-2022-40505",
"modified": "2023-12-13T01:19:31.362087Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2022-40505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9205 LTE Modem"
},
{
"version_affected": "=",
"version_value": "9206 LTE Modem"
},
{
"version_affected": "=",
"version_value": "9207 LTE Modem"
},
{
"version_affected": "=",
"version_value": "MDM8207"
},
{
"version_affected": "=",
"version_value": "QCA4004"
},
{
"version_affected": "=",
"version_value": "QCA4010"
},
{
"version_affected": "=",
"version_value": "QTS110"
},
{
"version_affected": "=",
"version_value": "Snapdragon 1100 Wearable Platform"
},
{
"version_affected": "=",
"version_value": "Snapdragon 1200 Wearable Platform"
},
{
"version_affected": "=",
"version_value": "Snapdragon Wear 1300 Platform"
},
{
"version_affected": "=",
"version_value": "Snapdragon X5 LTE Modem"
},
{
"version_affected": "=",
"version_value": "WCD9306"
},
{
"version_affected": "=",
"version_value": "WCD9330"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information disclosure due to buffer over-read in Modem while parsing DNS hostname."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-126",
"lang": "eng",
"value": "CWE-126 Buffer Over-read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin",
"refsource": "MISC",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:9205_lte_modem:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB573E2-C2B9-4B12-9EEF-9152FBFE3927",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:9205_lte_modem_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "920F873B-F52D-4754-9726-BECCAD0CAC45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:9206_lte_modem:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D10A104D-951A-4FA9-938A-1324640A998D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C2632A-02F2-4C59-AF96-E2C77940360F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:9207_lte_modem:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E12F5DF9-4D12-4321-A92C-86862A91E816",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:9207_lte_modem_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CB54B6E-0AAE-428D-A264-4BF58A852645",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:mdm8207:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5954E2E1-3A62-4601-8D7F-21B7B2D02370",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3BA789-3EC2-474D-BD5F-AD67BAE64413",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:qca4004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CFBC24-5F15-40DE-806E-62C1EE808992",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB39496-8699-4DAF-BD7B-AE69260B20CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:qca4010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30C10881-C26D-452D-A2D1-8617C2709D60",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:qca4010_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04F1CE4C-CAF8-4AB9-B44D-ADC2F2E7CF4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D4B026-2118-448D-A48D-36864DE715B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:qts110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED10480-E005-452C-A03C-D669CE94ABE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:snapdragon_1100_wearable_platform_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7760D19-1CE2-4EB1-A81A-EA2DE1E142D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:snapdragon_1100_wearable_platform:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E19FA5E-24D1-4E7B-B8A3-BFAA09E4A40C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:snapdragon_1200_wearable_platform_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E89870DD-3B20-4B06-9A51-755E204ECCDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:snapdragon_1200_wearable_platform:-:*:*:*:*:*:*:*",
"matchCriteriaId": "955F15D0-2F36-45E7-9828-96593DA7DA80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:snapdragon_wear_1300_platform_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A402233-B76F-41D5-B7C2-325C8FC4D560",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:snapdragon_wear_1300_platform:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8643194-C881-408A-AAA1-78572075120A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "312A5688-2508-4609-835F-F0957C511AE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:snapdragon_x5_lte_modem:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD6DFCE-2D24-4A68-8B46-FB47ABEC6694",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC012AD0-BCEE-4B1E-9B15-5D77D78CEA01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:wcd9306:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F51C69B9-F0AB-4BF5-A8C2-64FEB7075593",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43A90019-4E96-40B5-9E4D-CCBDD51ACA34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:wcd9330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3D23FE-B3D5-4EC3-8268-98F12181966D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"descriptions": [
{
"lang": "en",
"value": "Information disclosure due to buffer over-read in Modem while parsing DNS hostname."
}
],
"id": "CVE-2022-40505",
"lastModified": "2024-04-12T17:16:30.357",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "product-security@qualcomm.com",
"type": "Secondary"
}
]
},
"published": "2023-05-02T06:15:10.173",
"references": [
{
"source": "product-security@qualcomm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin"
}
],
"sourceIdentifier": "product-security@qualcomm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-126"
}
],
"source": "product-security@qualcomm.com",
"type": "Secondary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…