Strix
26.1K

CVE-2020-11143

CRITICALCVSS 9.8/10EPSS 1.05%

Last modified

CVE-2020-11143 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Out of bound memory access during music playback with modified content due to copying data without checking destination buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. EPSS estimates a 1.05% chance of exploitation in the next 30 days.

Description

Out of bound memory access during music playback with modified content due to copying data without checking destination buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.05%

60.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
QualcommApq8009All versions
QualcommApq8017All versions
QualcommApq8030All versions
QualcommApq8037All versions
QualcommApq8052All versions
QualcommApq8053All versions
QualcommApq8056All versions
QualcommApq8060aAll versions
QualcommApq8062All versions
QualcommApq8064All versions
QualcommApq8064auAll versions
QualcommApq8076All versions
QualcommApq8084All versions
QualcommApq8096auAll versions
QualcommAqt1000All versions
QualcommAr6003All versions
QualcommAr8031All versions
QualcommAr8035All versions
QualcommAr8151All versions
QualcommAr9374All versions
QualcommCsra6620All versions
QualcommCsra6640All versions
QualcommMdm8215All versions
QualcommMdm8215mAll versions
QualcommMdm8615mAll versions
QualcommMdm8635mAll versions
QualcommMdm9215All versions
QualcommMdm9225All versions
QualcommMdm9225mAll versions
QualcommMdm9230All versions
QualcommMdm9235mAll versions
QualcommMdm9310All versions
QualcommMdm9330All versions
QualcommMdm9615All versions
QualcommMdm9615mAll versions
QualcommMdm9625All versions
QualcommMdm9625mAll versions
QualcommMdm9630All versions
QualcommMdm9635mAll versions
QualcommMdm9640All versions
QualcommMdm9645All versions
QualcommMdm9650All versions
QualcommMdm9655All versions
QualcommMpq8064All versions
QualcommMsm8108All versions
QualcommMsm8208All versions
QualcommMsm8209All versions
QualcommMsm8226All versions
QualcommMsm8227All versions
QualcommMsm8230All versions

Showing 50 of 494 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-11143?
Out of bound memory access during music playback with modified content due to copying data without checking destination buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
How severe is CVE-2020-11143?
CVE-2020-11143 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.05% probability of exploitation in the next 30 days.
How do I fix CVE-2020-11143?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-11143?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST