CVE-2022-33248 — Integer Overflow to Buffer Overflow in INC Snapdragon

CWE-680 — Integer Overflow to Buffer Overflow CWE-190 — Integer Overflow or Wraparound4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 68.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qualcomm INC Snapdragon Google Android

Timeline

PublishedFeb 12

Latest updateMay 20

Description

Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶googlegoogle/android

▶CVEListV5qualcomm_inc/snapdragon162 versions+161

🔴Vulnerability Details

GHSA

GHSA-qjhr-gq7c-8mxc: Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http↗2023-02-12

▶

📋Vendor Advisories

Android

CVE-2022-33248: Closed-source component↗2023-02-01

▶

📄Research Papers

arXiv

ChatNVD: Advancing Cybersecurity Vulnerability Assessment with Large Language Models↗2025-05-20

▶