CVE-2020-3686
Last modified
CVE-2020-3686 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Possible memory out of bound issue during music playback when an incorrect bit stream content is copied into array without checking the length of array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. EPSS estimates a 1.19% chance of exploitation in the next 30 days.
Description
Possible memory out of bound issue during music playback when an incorrect bit stream content is copied into array without checking the length of array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Apq8009 | All versions |
| Qualcomm | Apq8009w | All versions |
| Qualcomm | Apq8017 | All versions |
| Qualcomm | Apq8030 | All versions |
| Qualcomm | Apq8037 | All versions |
| Qualcomm | Apq8052 | All versions |
| Qualcomm | Apq8053 | All versions |
| Qualcomm | Apq8056 | All versions |
| Qualcomm | Apq8060a | All versions |
| Qualcomm | Apq8062 | All versions |
| Qualcomm | Apq8064 | All versions |
| Qualcomm | Apq8064au | All versions |
| Qualcomm | Apq8076 | All versions |
| Qualcomm | Apq8084 | All versions |
| Qualcomm | Apq8096au | All versions |
| Qualcomm | Aqt1000 | All versions |
| Qualcomm | Ar6003 | All versions |
| Qualcomm | Ar8031 | All versions |
| Qualcomm | Ar8035 | All versions |
| Qualcomm | Ar8151 | All versions |
| Qualcomm | Csra6620 | All versions |
| Qualcomm | Csra6640 | All versions |
| Qualcomm | Csrb31024 | All versions |
| Qualcomm | Mdm8215 | All versions |
| Qualcomm | Mdm8215m | All versions |
| Qualcomm | Mdm8615m | All versions |
| Qualcomm | Mdm8635m | All versions |
| Qualcomm | Mdm9215 | All versions |
| Qualcomm | Mdm9225 | All versions |
| Qualcomm | Mdm9225m | All versions |
| Qualcomm | Mdm9230 | All versions |
| Qualcomm | Mdm9235m | All versions |
| Qualcomm | Mdm9310 | All versions |
| Qualcomm | Mdm9330 | All versions |
| Qualcomm | Mdm9607 | All versions |
| Qualcomm | Mdm9615 | All versions |
| Qualcomm | Mdm9615m | All versions |
| Qualcomm | Mdm9625 | All versions |
| Qualcomm | Mdm9625m | All versions |
| Qualcomm | Mdm9628 | All versions |
| Qualcomm | Mdm9630 | All versions |
| Qualcomm | Mdm9635m | All versions |
| Qualcomm | Mdm9640 | All versions |
| Qualcomm | Mdm9645 | All versions |
| Qualcomm | Mdm9650 | All versions |
| Qualcomm | Mdm9655 | All versions |
| Qualcomm | Mpq8064 | All versions |
| Qualcomm | Msm8108 | All versions |
| Qualcomm | Msm8208 | All versions |
| Qualcomm | Msm8209 | All versions |
Showing 50 of 492 affected configurations. See NVD for the full list.
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-3686?
How severe is CVE-2020-3686?
How do I fix CVE-2020-3686?
Are you affected by CVE-2020-3686?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST