CVE-2022-33278 — Classic Buffer Overflow in INC Snapdragon

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 75.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qualcomm INC Snapdragon Google Android

Timeline

PublishedMar 10

Description

Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶googlegoogle/android

▶CVEListV5qualcomm_inc/snapdragon123 versions+122

🔴Vulnerability Details

GHSA

GHSA-gv5v-q9vq-26q4: Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity↗2023-03-10

▶

📋Vendor Advisories

Android

CVE-2022-33278: Closed-source component↗2023-03-01

▶