Common Weakness Enumeration

CWE-617

Allowed

Reachable Assertion

Abstraction: Base · Status: Draft

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

989 vulnerabilities reference this CWE, most recent first.

CVE-2024-45795 (GCVE-0-2024-45795)

Vulnerability from cvelistv5 – Published: 2024-10-16 18:34 – Updated: 2026-04-02 14:21
VLAI
Title
Suricata detect/datasets: reachable assertion with unimplemented rule option
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented "unset" option can trigger an assertion during traffic parsing, leading to denial of service. This issue is addressed in 7.0.7. As a workaround, use only trusted and well tested rulesets.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
OISF suricata Affected: < 7.0.7
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45795",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T17:14:16.727673Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T14:21:40.459Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "suricata",
          "vendor": "OISF",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.0.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented \"unset\" option can trigger an assertion during traffic parsing, leading to denial of service. This issue is addressed in 7.0.7. As a workaround, use only trusted and well tested rulesets."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-617",
              "description": "CWE-617: Reachable Assertion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-16T18:34:53.179Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/OISF/suricata/security/advisories/GHSA-6r8w-fpw6-cp9g",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/OISF/suricata/security/advisories/GHSA-6r8w-fpw6-cp9g"
        },
        {
          "name": "https://redmine.openinfosecfoundation.org/issues/7195",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://redmine.openinfosecfoundation.org/issues/7195"
        }
      ],
      "source": {
        "advisory": "GHSA-6r8w-fpw6-cp9g",
        "discovery": "UNKNOWN"
      },
      "title": "Suricata detect/datasets: reachable assertion with unimplemented rule option"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-45795",
    "datePublished": "2024-10-16T18:34:53.179Z",
    "dateReserved": "2024-09-09T14:23:07.502Z",
    "dateUpdated": "2026-04-02T14:21:40.459Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-45403 (GCVE-0-2024-45403)

Vulnerability from cvelistv5 – Published: 2024-10-11 14:28 – Updated: 2024-10-11 14:40
VLAI
Title
H2O assertion failure when HTTP/3 requests are cancelled
Summary
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, the h2o standalone server automatically restarts, minimizing the impact. However, HTTP requests that were served concurrently will still be disrupted. The vulnerability has been addressed in commit 1ed32b2. Users may disable the use of HTTP/3 to mitigate the issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
h2o h2o Affected: >= 16b13eee8ad7895b4fe3fcbcabee53bd52782562, < 1ed32b23f999acf0c5029f09c8525f93eb1d354c
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45403",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-11T14:40:44.124164Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-11T14:40:53.132Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "h2o",
          "vendor": "h2o",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 16b13eee8ad7895b4fe3fcbcabee53bd52782562, \u003c 1ed32b23f999acf0c5029f09c8525f93eb1d354c"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, the h2o standalone server automatically restarts, minimizing the impact. However, HTTP requests that were served concurrently will still be disrupted. The vulnerability has been addressed in commit 1ed32b2. Users may disable the use of HTTP/3 to mitigate the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-617",
              "description": "CWE-617: Reachable Assertion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-11T14:28:35.262Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/h2o/h2o/security/advisories/GHSA-4xp5-3jhc-3m92",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/h2o/h2o/security/advisories/GHSA-4xp5-3jhc-3m92"
        },
        {
          "name": "https://github.com/h2o/h2o/commit/16b13eee8ad7895b4fe3fcbcabee53bd52782562",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/h2o/h2o/commit/16b13eee8ad7895b4fe3fcbcabee53bd52782562"
        },
        {
          "name": "https://github.com/h2o/h2o/commit/1ed32b23f999acf0c5029f09c8525f93eb1d354c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/h2o/h2o/commit/1ed32b23f999acf0c5029f09c8525f93eb1d354c"
        },
        {
          "name": "https://h2o.examp1e.net/configure/http3_directives.html",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://h2o.examp1e.net/configure/http3_directives.html"
        }
      ],
      "source": {
        "advisory": "GHSA-4xp5-3jhc-3m92",
        "discovery": "UNKNOWN"
      },
      "title": "H2O assertion failure when HTTP/3 requests are cancelled"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-45403",
    "datePublished": "2024-10-11T14:28:35.262Z",
    "dateReserved": "2024-08-28T20:21:32.803Z",
    "dateUpdated": "2024-10-11T14:40:53.132Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45396 (GCVE-0-2024-45396)

Vulnerability from cvelistv5 – Published: 2024-10-11 14:36 – Updated: 2024-10-15 16:11
VLAI
Title
Quicly assertion failures
Summary
Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit 2a95896104901589c495bc41460262e64ffcad5c.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
h2o quicly Affected: < 2a95896104901589c495bc41460262e64ffcad5c
Create a notification for this product.
h2o_project quicly Affected: 0 , < 2a95896104901589c495bc41460262e64ffcad5c (custom)
    cpe:2.3:a:h2o_project:quicly:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:h2o_project:quicly:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "quicly",
            "vendor": "h2o_project",
            "versions": [
              {
                "lessThan": "2a95896104901589c495bc41460262e64ffcad5c",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45396",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-11T14:58:33.821142Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T16:11:05.956Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "quicly",
          "vendor": "h2o",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2a95896104901589c495bc41460262e64ffcad5c"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit 2a95896104901589c495bc41460262e64ffcad5c."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-617",
              "description": "CWE-617: Reachable Assertion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-11T14:36:38.172Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/h2o/quicly/security/advisories/GHSA-mp3c-h5gg-mm6p",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/h2o/quicly/security/advisories/GHSA-mp3c-h5gg-mm6p"
        },
        {
          "name": "https://github.com/h2o/quicly/commit/2a95896104901589c495bc41460262e64ffcad5c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/h2o/quicly/commit/2a95896104901589c495bc41460262e64ffcad5c"
        }
      ],
      "source": {
        "advisory": "GHSA-mp3c-h5gg-mm6p",
        "discovery": "UNKNOWN"
      },
      "title": "Quicly assertion failures"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-45396",
    "datePublished": "2024-10-11T14:36:38.172Z",
    "dateReserved": "2024-08-28T20:21:32.802Z",
    "dateUpdated": "2024-10-15T16:11:05.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39949 (GCVE-0-2024-39949)

Vulnerability from cvelistv5 – Published: 2024-07-31 03:42 – Updated: 2025-09-30 03:36
VLAI
Summary
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-617 - Reachable Assertion
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Dahua NVR4XXX Affected: NVR4XXX Versions which Build time before 2023/12/13
Create a notification for this product.
dahuasecurity nvr4xxx_firmware Affected: 0 , < 2023.12.13 (custom)
    cpe:2.3:h:dahuasecurity:nvr4216-i:-:*:*:*:*:*:*:*
    cpe:2.3:h:dahuasecurity:nvr4416-16p-4ks2\/i:-:*:*:*:*:*:*:*
    cpe:2.3:h:dahuasecurity:nvr4416-4ks2\/i:-:*:*:*:*:*:*:*
    cpe:2.3:h:dahuasecurity:nvr4432-16p-4ks2\/i:-:*:*:*:*:*:*:*
    cpe:2.3:h:dahuasecurity:nvr4432-4ks2\/i:-:*:*:*:*:*:*:*
    cpe:2.3:h:dahuasecurity:nvr4432-i:-:*:*:*:*:*:*:*
    cpe:2.3:h:dahuasecurity:nvr4816-16p-4ks2\/i:-:*:*:*:*:*:*:*
    cpe:2.3:h:dahuasecurity:nvr4816-4ks2\/i:-:*:*:*:*:*:*:*
    cpe:2.3:h:dahuasecurity:nvr4832-16p-4ks2\/i:-:*:*:*:*:*:*:*
    cpe:2.3:h:dahuasecurity:nvr4832-4ks2\/i:-:*:*:*:*:*:*:*
    cpe:2.3:h:dahuasecurity:nvr4832-i:-:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-07-31 03:40
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:dahuasecurity:nvr4216-i:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:dahuasecurity:nvr4416-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:dahuasecurity:nvr4416-4ks2\\/i:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:dahuasecurity:nvr4432-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:dahuasecurity:nvr4432-4ks2\\/i:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:dahuasecurity:nvr4432-i:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:dahuasecurity:nvr4816-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:dahuasecurity:nvr4816-4ks2\\/i:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:dahuasecurity:nvr4832-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:dahuasecurity:nvr4832-4ks2\\/i:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:dahuasecurity:nvr4832-i:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nvr4xxx_firmware",
            "vendor": "dahuasecurity",
            "versions": [
              {
                "lessThan": "2023.12.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39949",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-31T13:00:04.189477Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-20",
                "description": "CWE-20 Improper Input Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-31T18:54:08.500Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NVR4XXX",
          "vendor": "Dahua",
          "versions": [
            {
              "status": "affected",
              "version": "NVR4XXX Versions which Build time before 2023/12/13"
            }
          ]
        }
      ],
      "datePublic": "2024-07-31T03:40:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability has been found in Dahua products.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eAttackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "A vulnerability has been found in Dahua products.\u00a0Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-617",
              "description": "CWE-617 Reachable Assertion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-30T03:36:51.320Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2024-39949",
    "datePublished": "2024-07-31T03:42:39.981Z",
    "dateReserved": "2024-07-05T03:08:11.184Z",
    "dateUpdated": "2025-09-30T03:36:51.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39697 (GCVE-0-2024-39697)

Vulnerability from cvelistv5 – Published: 2024-07-09 14:16 – Updated: 2024-08-02 04:26
VLAI
Title
phonenumber panics on parsing crafted phonenumber inputs
Summary
phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form `+dwPAA;phone-context=AA`, where the "number" part potentially parses as a number larger than 2^56. This vulnerability is fixed in 0.3.6.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-284 - Improper Access Control
  • CWE-392 - Missing Report of Error Condition
  • CWE-1284 - Improper Validation of Specified Quantity in Input
  • CWE-617 - Reachable Assertion
Assigner
Impacted products
Vendor Product Version
whisperfish rust-phonenumber Affected: >= 0.3.4, < 0.3.6
Create a notification for this product.
whisperfish phonenumber Affected: 0.3.4 , < 0.3.6 (custom)
    cpe:2.3:a:whisperfish:phonenumber:*:*:*:*:*:rust:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:whisperfish:phonenumber:*:*:*:*:*:rust:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "phonenumber",
            "vendor": "whisperfish",
            "versions": [
              {
                "lessThan": "0.3.6",
                "status": "affected",
                "version": "0.3.4",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39697",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-15T21:32:25.872927Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-15T21:33:39.716Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:16.016Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-mjw4-jj88-v687",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-mjw4-jj88-v687"
          },
          {
            "name": "https://github.com/whisperfish/rust-phonenumber/issues/69",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/whisperfish/rust-phonenumber/issues/69"
          },
          {
            "name": "https://github.com/whisperfish/rust-phonenumber/pull/52",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/whisperfish/rust-phonenumber/pull/52"
          },
          {
            "name": "https://github.com/whisperfish/rust-phonenumber/commit/b792151b17fc90231c232a23935830c2266f3203",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/whisperfish/rust-phonenumber/commit/b792151b17fc90231c232a23935830c2266f3203"
          },
          {
            "name": "https://github.com/whisperfish/rust-phonenumber/commit/f69abee1481fac0d6d531407bae90020e39c6407",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/whisperfish/rust-phonenumber/commit/f69abee1481fac0d6d531407bae90020e39c6407"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rust-phonenumber",
          "vendor": "whisperfish",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.3.4, \u003c 0.3.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form `+dwPAA;phone-context=AA`, where the \"number\" part potentially parses as a number larger than 2^56. This vulnerability is fixed in 0.3.6."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-392",
              "description": "CWE-392: Missing Report of Error Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-617",
              "description": "CWE-617: Reachable Assertion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-09T14:16:38.493Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-mjw4-jj88-v687",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-mjw4-jj88-v687"
        },
        {
          "name": "https://github.com/whisperfish/rust-phonenumber/issues/69",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/whisperfish/rust-phonenumber/issues/69"
        },
        {
          "name": "https://github.com/whisperfish/rust-phonenumber/pull/52",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/whisperfish/rust-phonenumber/pull/52"
        },
        {
          "name": "https://github.com/whisperfish/rust-phonenumber/commit/b792151b17fc90231c232a23935830c2266f3203",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/whisperfish/rust-phonenumber/commit/b792151b17fc90231c232a23935830c2266f3203"
        },
        {
          "name": "https://github.com/whisperfish/rust-phonenumber/commit/f69abee1481fac0d6d531407bae90020e39c6407",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/whisperfish/rust-phonenumber/commit/f69abee1481fac0d6d531407bae90020e39c6407"
        }
      ],
      "source": {
        "advisory": "GHSA-mjw4-jj88-v687",
        "discovery": "UNKNOWN"
      },
      "title": "phonenumber panics on parsing crafted phonenumber inputs"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-39697",
    "datePublished": "2024-07-09T14:16:38.493Z",
    "dateReserved": "2024-06-27T18:44:13.037Z",
    "dateUpdated": "2024-08-02T04:26:16.016Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-33601 (GCVE-0-2024-33601)

Vulnerability from cvelistv5 – Published: 2024-05-06 19:22 – Updated: 2026-07-14 12:37
VLAI
Title
nscd: netgroup cache may terminate daemon on memory allocation failure
Summary
nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "glibc",
            "vendor": "gnu",
            "versions": [
              {
                "lessThan": "2.40",
                "status": "affected",
                "version": "2.15",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-33601",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-09T17:26:01.322253Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T13:55:13.348Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:36:04.342Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240524-0014/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-14T12:37:52.755Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "glibc",
          "vendor": "The GNU C Library",
          "versions": [
            {
              "lessThan": "2.40",
              "status": "affected",
              "version": "2.15",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003enscd: netgroup cache may terminate daemon on memory allocation failure\u003cbr\u003e\u003cbr\u003eThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\u003cbr\u003exrealloc and these functions may terminate the process due to a memory\u003cbr\u003eallocation failure resulting in a denial of service to the clients.  The\u003cbr\u003eflaw was introduced in glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients.  The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-617",
              "description": "CWE-617 Reachable Assertion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-22T18:06:12.587Z",
        "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
        "shortName": "glibc"
      },
      "references": [
        {
          "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240524-0014/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "nscd: netgroup cache may terminate daemon on memory allocation failure",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
    "assignerShortName": "glibc",
    "cveId": "CVE-2024-33601",
    "datePublished": "2024-05-06T19:22:07.763Z",
    "dateReserved": "2024-04-24T20:35:08.340Z",
    "dateUpdated": "2026-07-14T12:37:52.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-32475 (GCVE-0-2024-32475)

Vulnerability from cvelistv5 – Published: 2024-04-18 14:18 – Updated: 2024-08-02 02:13
VLAI
Title
Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes
Summary
Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-253 - Incorrect Check of Function Return Value
  • CWE-617 - Reachable Assertion
Assigner
References
Impacted products
Vendor Product Version
envoyproxy envoy Affected: >= 1.30.0, < 11.30.1
Affected: >= 1.29.0, < 1.29.4
Affected: >= 1.28.0, < 1.28.3
Affected: >= 1.13.0, < 1.27.5
Create a notification for this product.
envoyproxy envoy Affected: 1.13.0 , < 1.27.5 (semver)
    cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "envoy",
            "vendor": "envoyproxy",
            "versions": [
              {
                "lessThan": "1.27.5",
                "status": "affected",
                "version": "1.13.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-32475",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-23T19:38:07.050413Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:51:20.709Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:13:39.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj"
          },
          {
            "name": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "envoy",
          "vendor": "envoyproxy",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.30.0, \u003c 11.30.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.29.0, \u003c 1.29.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.28.0, \u003c 1.28.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.13.0, \u003c 1.27.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-253",
              "description": "CWE-253: Incorrect Check of Function Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-617",
              "description": "CWE-617: Reachable Assertion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-18T14:18:18.947Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj"
        },
        {
          "name": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382"
        }
      ],
      "source": {
        "advisory": "GHSA-3mh5-6q8v-25wj",
        "discovery": "UNKNOWN"
      },
      "title": "Envoy RELEASE_ASSERT using auto_sni with :authority header \u003e 255 bytes"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-32475",
    "datePublished": "2024-04-18T14:18:18.947Z",
    "dateReserved": "2024-04-12T19:41:51.167Z",
    "dateUpdated": "2024-08-02T02:13:39.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23385 (GCVE-0-2024-23385)

Vulnerability from cvelistv5 – Published: 2024-11-04 10:04 – Updated: 2024-11-04 14:15
VLAI
Title
Reachable Assertion in Modem
Summary
Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: APQ8017
Affected: APQ8037
Affected: AR8035
Affected: FastConnect 6200
Affected: FastConnect 6700
Affected: FastConnect 6900
Affected: FastConnect 7800
Affected: FSM10055
Affected: FSM10056
Affected: MSM8108
Affected: MSM8209
Affected: MSM8608
Affected: QCA6174A
Affected: QCA6574A
Affected: QCA6574AU
Affected: QCA6584AU
Affected: QCA6595AU
Affected: QCA6696
Affected: QCA6698AQ
Affected: QCA8081
Affected: QCA8337
Affected: QCC710
Affected: QCM4490
Affected: QCM8550
Affected: QCN6024
Affected: QCN6224
Affected: QCN6274
Affected: QCN9024
Affected: QCS4490
Affected: QCS8550
Affected: QEP8111
Affected: QFW7114
Affected: QFW7124
Affected: Qualcomm 205 Mobile Platform
Affected: SDM429W
Affected: SDX55
Affected: SDX57M
Affected: SDX61
Affected: SDX71M
Affected: SG8275P
Affected: SM6370
Affected: SM8550P
Affected: SM8635
Affected: Smart Audio 200 Platform
Affected: Snapdragon 208 Processor
Affected: Snapdragon 210 Processor
Affected: Snapdragon 212 Mobile Platform
Affected: Snapdragon 4 Gen 1 Mobile Platform
Affected: Snapdragon 425 Mobile Platform
Affected: Snapdragon 429 Mobile Platform
Affected: Snapdragon 430 Mobile Platform
Affected: Snapdragon 439 Mobile Platform
Affected: Snapdragon 480 5G Mobile Platform
Affected: Snapdragon 480+ 5G Mobile Platform (SM4350-AC)
Affected: Snapdragon 695 5G Mobile Platform
Affected: Snapdragon 8 Gen 1 Mobile Platform
Affected: Snapdragon 8 Gen 2 Mobile Platform
Affected: Snapdragon 8 Gen 3 Mobile Platform
Affected: Snapdragon 8+ Gen 1 Mobile Platform
Affected: Snapdragon 8+ Gen 2 Mobile Platform
Affected: Snapdragon Auto 5G Modem-RF Gen 2
Affected: Snapdragon Wear 4100+ Platform
Affected: Snapdragon X35 5G Modem-RF System
Affected: Snapdragon X62 5G Modem-RF System
Affected: Snapdragon X65 5G Modem-RF System
Affected: Snapdragon X70 Modem-RF System
Affected: Snapdragon X72 5G Modem-RF System
Affected: Snapdragon X75 5G Modem-RF System
Affected: WCD9326
Affected: WCD9340
Affected: WCD9360
Affected: WCD9370
Affected: WCD9375
Affected: WCD9380
Affected: WCD9385
Affected: WCD9390
Affected: WCD9395
Affected: WCN3610
Affected: WCN3615
Affected: WCN3620
Affected: WCN3660B
Affected: WCN3680B
Affected: WCN3950
Affected: WCN3980
Affected: WCN3988
Affected: WCN6755
Affected: WSA8810
Affected: WSA8815
Affected: WSA8830
Affected: WSA8832
Affected: WSA8835
Affected: WSA8840
Affected: WSA8845
Affected: WSA8845H
Create a notification for this product.
qualcomm apq8017_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm apq8037_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:apq8037_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm ar8035_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm fastconnect_6200_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:fastconnect_6200_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm fastconnect_6700_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm fastconnect_6900_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm fastconnect_7800_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm fsm10055_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:fsm10055_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm fsm10056_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:fsm10056_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm msm8108_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:msm8108_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm msm8209_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:msm8209_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm msm8608_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:msm8608_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qca6174a_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qca6574a_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qca6574au_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qca6584au_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qca6595au_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qca6696_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qca6698aq_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qca8081_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qca8337_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qcc710_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qcc710_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qcm4490_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qcm4490_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qcm8550_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qcm8550_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qcn6024_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qcn6224_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qcn6224_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qcn6274_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qcn6274_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qcn9024_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qcs4490_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qcs4490_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qcs8550_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qcs8550_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qep8111_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qep8111_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qfw7114_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qfw7114_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qfw7124_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qfw7124_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qualcomm_205_mobile_platform_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qualcomm_205_mobile_platform_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm sdm429w_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm sdx55_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm sdx57m_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:sdx57m_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm sdx61_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:sdx61_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm sdx71m_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:sdx71m_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm sg8275p_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:sg8275p_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm sm6370_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:sm6370_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm sm8550p_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:sm8550p_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm sm8635_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:sm8635_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm smart_audio_200_platform_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:smart_audio_200_platform_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_208_processor_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_208_processor_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_210_processor_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_210_processor_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_212_mobile_platform_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_212_mobile_platform_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_4_gen_1_mobile_platform_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_4_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_425_mobile_platform_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_425_mobile_platform_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_429_mobile_platform_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_429_mobile_platform_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_430_mobile_platform_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_430_mobile_platform_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_439_mobile_platform_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_439_mobile_platform_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_480_5g_mobile_platform_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_480_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_695_5g_mobile_platform_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_695_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_8_gen_1_mobile_platform_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_8_gen_2_mobile_platform_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_8_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_8_gen_3_mobile_platform_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_8_gen_3_mobile_platform_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_auto_5g_modem-rf_gen_2_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_gen_2_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_x35_5g_modem-rf_system_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_x35_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_x62_5g_modem-rf_system_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_x62_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_x65_5g_modem-rf_system_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_x65_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_x70_modem-rf_system_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_x70_modem-rf_system_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_x72_5g_modem-rf_system_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_x72_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_x75_5g_modem-rf_system_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_x75_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcd9326_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcd9326_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcd9340_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcd9360_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcd9360_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcd9370_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcd9375_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcd9380_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcd9385_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcd9390_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcd9395_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcn3610_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcn3615_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcn3615_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcn3620_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcn3660b_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcn3680b_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcn3950_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcn3980_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcn3988_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcn6755_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcn6755_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wsa8810_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wsa8815_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wsa8830_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wsa8832_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wsa8835_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wsa8840_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wsa8845_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wsa8845h_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "apq8017_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:apq8037_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "apq8037_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ar8035_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:fastconnect_6200_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_6200_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_6700_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_6900_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_7800_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:fsm10055_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fsm10055_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:fsm10056_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fsm10056_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:msm8108_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "msm8108_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:msm8209_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "msm8209_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:msm8608_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "msm8608_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca6174a_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca6574a_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca6574au_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca6584au_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca6595au_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca6696_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca6698aq_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca8081_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca8337_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qcc710_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcc710_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qcm4490_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcm4490_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qcm8550_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcm8550_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcn6024_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qcn6224_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcn6224_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qcn6274_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcn6274_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcn9024_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qcs4490_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcs4490_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qcs8550_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcs8550_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qep8111_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qep8111_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qfw7114_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qfw7114_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qfw7124_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qfw7124_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qualcomm_205_mobile_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qualcomm_205_mobile_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sdm429w_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sdx55_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:sdx57m_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sdx57m_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:sdx61_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sdx61_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:sdx71m_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sdx71m_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:sg8275p_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sg8275p_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:sm6370_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sm6370_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:sm8550p_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sm8550p_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:sm8635_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sm8635_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:smart_audio_200_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smart_audio_200_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_208_processor_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_208_processor_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_210_processor_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_210_processor_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_212_mobile_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_212_mobile_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_4_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_4_gen_1_mobile_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_425_mobile_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_425_mobile_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_429_mobile_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_429_mobile_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_430_mobile_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_430_mobile_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_439_mobile_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_439_mobile_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_480_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_480_5g_mobile_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_695_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_695_5g_mobile_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_8_gen_1_mobile_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_8_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_8_gen_2_mobile_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_8_gen_3_mobile_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_8_gen_3_mobile_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_gen_2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_auto_5g_modem-rf_gen_2_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x35_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x35_5g_modem-rf_system_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x62_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x62_5g_modem-rf_system_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x65_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x65_5g_modem-rf_system_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x70_modem-rf_system_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x70_modem-rf_system_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x72_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x72_5g_modem-rf_system_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x75_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x75_5g_modem-rf_system_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9326_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9326_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9340_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9360_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9360_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9370_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9375_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9380_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9385_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9390_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9395_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcn3610_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcn3615_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcn3615_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcn3620_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcn3660b_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcn3680b_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcn3950_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcn3980_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcn3988_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcn6755_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcn6755_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8810_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8815_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8830_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8832_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8835_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8840_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8845_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8845h_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23385",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-04T14:15:26.683035Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-04T14:15:34.635Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Auto",
            "Snapdragon Compute",
            "Snapdragon Industrial IOT",
            "Snapdragon MDM",
            "Snapdragon Mobile",
            "Snapdragon WBC",
            "Snapdragon Wearables"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "APQ8017"
            },
            {
              "status": "affected",
              "version": "APQ8037"
            },
            {
              "status": "affected",
              "version": "AR8035"
            },
            {
              "status": "affected",
              "version": "FastConnect 6200"
            },
            {
              "status": "affected",
              "version": "FastConnect 6700"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "FSM10055"
            },
            {
              "status": "affected",
              "version": "FSM10056"
            },
            {
              "status": "affected",
              "version": "MSM8108"
            },
            {
              "status": "affected",
              "version": "MSM8209"
            },
            {
              "status": "affected",
              "version": "MSM8608"
            },
            {
              "status": "affected",
              "version": "QCA6174A"
            },
            {
              "status": "affected",
              "version": "QCA6574A"
            },
            {
              "status": "affected",
              "version": "QCA6574AU"
            },
            {
              "status": "affected",
              "version": "QCA6584AU"
            },
            {
              "status": "affected",
              "version": "QCA6595AU"
            },
            {
              "status": "affected",
              "version": "QCA6696"
            },
            {
              "status": "affected",
              "version": "QCA6698AQ"
            },
            {
              "status": "affected",
              "version": "QCA8081"
            },
            {
              "status": "affected",
              "version": "QCA8337"
            },
            {
              "status": "affected",
              "version": "QCC710"
            },
            {
              "status": "affected",
              "version": "QCM4490"
            },
            {
              "status": "affected",
              "version": "QCM8550"
            },
            {
              "status": "affected",
              "version": "QCN6024"
            },
            {
              "status": "affected",
              "version": "QCN6224"
            },
            {
              "status": "affected",
              "version": "QCN6274"
            },
            {
              "status": "affected",
              "version": "QCN9024"
            },
            {
              "status": "affected",
              "version": "QCS4490"
            },
            {
              "status": "affected",
              "version": "QCS8550"
            },
            {
              "status": "affected",
              "version": "QEP8111"
            },
            {
              "status": "affected",
              "version": "QFW7114"
            },
            {
              "status": "affected",
              "version": "QFW7124"
            },
            {
              "status": "affected",
              "version": "Qualcomm 205 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "SDM429W"
            },
            {
              "status": "affected",
              "version": "SDX55"
            },
            {
              "status": "affected",
              "version": "SDX57M"
            },
            {
              "status": "affected",
              "version": "SDX61"
            },
            {
              "status": "affected",
              "version": "SDX71M"
            },
            {
              "status": "affected",
              "version": "SG8275P"
            },
            {
              "status": "affected",
              "version": "SM6370"
            },
            {
              "status": "affected",
              "version": "SM8550P"
            },
            {
              "status": "affected",
              "version": "SM8635"
            },
            {
              "status": "affected",
              "version": "Smart Audio 200 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 208 Processor"
            },
            {
              "status": "affected",
              "version": "Snapdragon 210 Processor"
            },
            {
              "status": "affected",
              "version": "Snapdragon 212 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 4 Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 425 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 429 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 430 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 439 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 480 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 695 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 2 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 3 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8+ Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8+ Gen 2 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 5G Modem-RF Gen 2"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 4100+ Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X35 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X62 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X65 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X70 Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X72 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X75 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "WCD9326"
            },
            {
              "status": "affected",
              "version": "WCD9340"
            },
            {
              "status": "affected",
              "version": "WCD9360"
            },
            {
              "status": "affected",
              "version": "WCD9370"
            },
            {
              "status": "affected",
              "version": "WCD9375"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCD9385"
            },
            {
              "status": "affected",
              "version": "WCD9390"
            },
            {
              "status": "affected",
              "version": "WCD9395"
            },
            {
              "status": "affected",
              "version": "WCN3610"
            },
            {
              "status": "affected",
              "version": "WCN3615"
            },
            {
              "status": "affected",
              "version": "WCN3620"
            },
            {
              "status": "affected",
              "version": "WCN3660B"
            },
            {
              "status": "affected",
              "version": "WCN3680B"
            },
            {
              "status": "affected",
              "version": "WCN3950"
            },
            {
              "status": "affected",
              "version": "WCN3980"
            },
            {
              "status": "affected",
              "version": "WCN3988"
            },
            {
              "status": "affected",
              "version": "WCN6755"
            },
            {
              "status": "affected",
              "version": "WSA8810"
            },
            {
              "status": "affected",
              "version": "WSA8815"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8832"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            },
            {
              "status": "affected",
              "version": "WSA8840"
            },
            {
              "status": "affected",
              "version": "WSA8845"
            },
            {
              "status": "affected",
              "version": "WSA8845H"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-617",
              "description": "CWE-617 Reachable Assertion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T10:04:34.231Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html"
        }
      ],
      "title": "Reachable Assertion in Modem"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2024-23385",
    "datePublished": "2024-11-04T10:04:34.231Z",
    "dateReserved": "2024-01-16T03:27:26.436Z",
    "dateUpdated": "2024-11-04T14:15:34.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23350 (GCVE-0-2024-23350)

Vulnerability from cvelistv5 – Published: 2024-08-05 14:21 – Updated: 2024-08-05 15:02
VLAI
Title
Reachable Assertion in Multi Mode Call Processor
Summary
Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: AR8035
Affected: FastConnect 6900
Affected: FastConnect 7800
Affected: QCA6174A
Affected: QCA6584AU
Affected: QCA6698AQ
Affected: QCA8081
Affected: QCA8337
Affected: QCC710
Affected: QCN6224
Affected: QCN6274
Affected: QEP8111
Affected: QFW7114
Affected: QFW7124
Affected: Snapdragon 8 Gen 3 Mobile Platform
Affected: Snapdragon Auto 5G Modem-RF Gen 2
Affected: Snapdragon X35 5G Modem-RF System
Affected: Snapdragon X72 5G Modem-RF System
Affected: Snapdragon X75 5G Modem-RF System
Affected: WCD9340
Affected: WCD9390
Affected: WCD9395
Affected: WSA8840
Affected: WSA8845
Affected: WSA8845H
Create a notification for this product.
qualcomm ar8035_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm fastconnect_6900_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm fastconnect_7800_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qca6174a_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qca6584au_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qca6698aq_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qca8081_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qca8337_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qcc710_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qcc710_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qcn6224_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qcn6224_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qcn6274_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qcn6274_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qep8111_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qep8111_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qfw7114_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qfw7114_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qfw7124_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qfw7124_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_8_gen_3_mobile_platform_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_8_gen_3_mobile_platform_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_auto_5g_modem-rf_gen_2_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_gen_2_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_x35_5g_modem-rf_system_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_x35_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_x72_5g_modem-rf_system_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_x72_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_x75_5g_modem-rf_system_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_x75_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcd9340_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcd9390_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcd9395_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wsa8840_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wsa8845_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wsa8845h_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ar8035_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_6900_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_7800_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca6174a_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca6584au_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca6698aq_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca8081_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca8337_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qcc710_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcc710_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qcn6224_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcn6224_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qcn6274_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcn6274_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qep8111_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qep8111_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qfw7114_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qfw7114_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qfw7124_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qfw7124_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_8_gen_3_mobile_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_8_gen_3_mobile_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_gen_2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_auto_5g_modem-rf_gen_2_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x35_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x35_5g_modem-rf_system_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x72_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x72_5g_modem-rf_system_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x75_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x75_5g_modem-rf_system_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9340_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9390_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9395_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8840_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8845_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8845h_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23350",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-05T15:02:19.688898Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:02:35.350Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Auto",
            "Snapdragon Mobile"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "AR8035"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "QCA6174A"
            },
            {
              "status": "affected",
              "version": "QCA6584AU"
            },
            {
              "status": "affected",
              "version": "QCA6698AQ"
            },
            {
              "status": "affected",
              "version": "QCA8081"
            },
            {
              "status": "affected",
              "version": "QCA8337"
            },
            {
              "status": "affected",
              "version": "QCC710"
            },
            {
              "status": "affected",
              "version": "QCN6224"
            },
            {
              "status": "affected",
              "version": "QCN6274"
            },
            {
              "status": "affected",
              "version": "QEP8111"
            },
            {
              "status": "affected",
              "version": "QFW7114"
            },
            {
              "status": "affected",
              "version": "QFW7124"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 3 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 5G Modem-RF Gen 2"
            },
            {
              "status": "affected",
              "version": "Snapdragon X35 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X72 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X75 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "WCD9340"
            },
            {
              "status": "affected",
              "version": "WCD9390"
            },
            {
              "status": "affected",
              "version": "WCD9395"
            },
            {
              "status": "affected",
              "version": "WSA8840"
            },
            {
              "status": "affected",
              "version": "WSA8845"
            },
            {
              "status": "affected",
              "version": "WSA8845H"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-617",
              "description": "CWE-617 Reachable Assertion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-05T14:21:18.555Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
        }
      ],
      "title": "Reachable Assertion in Multi Mode Call Processor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2024-23350",
    "datePublished": "2024-08-05T14:21:18.555Z",
    "dateReserved": "2024-01-16T03:27:26.430Z",
    "dateUpdated": "2024-08-05T15:02:35.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20152 (GCVE-0-2024-20152)

Vulnerability from cvelistv5 – Published: 2025-01-06 03:17 – Updated: 2025-01-06 14:12
VLAI
Summary
In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue ID: MSV-1798.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-20152",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-06T14:12:35.612710Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-06T14:12:39.277Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MT2737, MT3603, MT6835, MT6878, MT6886, MT6897, MT6990, MT7902, MT7920, MT7922, MT8518S, MT8532, MT8755, MT8766, MT8768, MT8775, MT8781, MT8796, MT8798, MT8893",
          "vendor": "MediaTek, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Android 13.0, 14.0, 15.0 / SDK release 2.4 and before / openWRT 23.05 / Yocto 3.3, 4.0, 5.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue ID: MSV-1798."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-617",
              "description": "CWE-617 Reachable Assertion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-06T03:17:59.918Z",
        "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "shortName": "MediaTek"
      },
      "references": [
        {
          "url": "https://corp.mediatek.com/product-security-bulletin/January-2025"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
    "assignerShortName": "MediaTek",
    "cveId": "CVE-2024-20152",
    "datePublished": "2025-01-06T03:17:59.918Z",
    "dateReserved": "2023-11-02T13:35:35.188Z",
    "dateUpdated": "2025-01-06T14:12:39.277Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Implementation

Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)

Mitigation
Implementation

Strategy: Input Validation

Perform input validation on user data.

No CAPEC attack patterns related to this CWE.