Lucene search

QualcommCVELIST:CVE-2024-21452

HistoryApr 01, 2024 - 3:06 p.m.

CVE-2024-21452 Improper Input Validation in Automotive Telematics

2024-04-0115:06:00

CWE-20

qualcomm

www.cve.org

cve-2024-21452

transient dos

asn.1 oer

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

17.0%

JSON

Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Snapdragon Auto"
    ],
    "product": "Snapdragon",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "C-V2X 9150"
      },
      {
        "status": "affected",
        "version": "QCA6584AU"
      },
      {
        "status": "affected",
        "version": "QCA6698AQ"
      },
      {
        "status": "affected",
        "version": "Snapdragon Auto 5G Modem-RF"
      },
      {
        "status": "affected",
        "version": "Snapdragon Auto 5G Modem-RF Gen 2"
      },
      {
        "status": "affected",
        "version": "Snapdragon Auto 4G Modem"
      }
    ]
  }
]

References

docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVELIST:CVE-2024-21452