CVE-2020-3639 : u'When a non standard SIP sigcomp message is received from the network, then the

u'When a non standard SIP sigcomp message is received from the network, then there may be chances of using more UDVM cycle or memory overflow' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8017, APQ8037, APQ8053, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCM4290, QCM6125, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA415M, SA6145P, SA6150P, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA429W, SDA640, SDA660, SDA670, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM712, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8350, SM8350P, SXR1120, SXR1130

Published 2020-11-12 10:15:13

Updated 2020-11-19 14:45:57

Source Qualcomm, Inc.

View at NVD, CVE.org

Products affected by CVE-2020-3639

Qualcomm » Mdm9607 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9607 » Version: N/A
Qualcomm » Mdm9650 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9650 » Version: N/A
Qualcomm » Mdm9640 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9640 » Version: N/A
Qualcomm » Sdm630 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm630 » Version: N/A
Qualcomm » Sdm636 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm636 » Version: N/A
Qualcomm » Sdm660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm660 » Version: N/A
Qualcomm » Msm8996au Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8996au » Version: N/A
Qualcomm » Msm8937 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8937_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8937 » Version: N/A
Qualcomm » Sdm845 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm845 » Version: N/A
Qualcomm » Msm8917 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8917_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8917 » Version: N/A
Qualcomm » Sdm710 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm710 » Version: N/A
Qualcomm » Sdm632 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm632_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm632 » Version: N/A
Qualcomm » Sdm429 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm429_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm429 » Version: N/A
Qualcomm » Sdm439 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm439 » Version: N/A
Qualcomm » Sda660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda660 » Version: N/A
Qualcomm » Sda845 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda845_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda845 » Version: N/A
Qualcomm » Sdx24 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx24 » Version: N/A
Qualcomm » Sxr1130 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sxr1130 » Version: N/A
Qualcomm » Qcs605 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs605 » Version: N/A
Qualcomm » Sm7150 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7150 » Version: N/A
Qualcomm » Qm215 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qm215_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qm215 » Version: N/A
Qualcomm » Msm8909 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8909_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8909 » Version: N/A
Qualcomm » Apq8009 Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8009 » Version: N/A
Qualcomm » Apq8017 Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8017 » Version: N/A
Qualcomm » Apq8053 Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8053 » Version: N/A
Qualcomm » Sdx55 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx55 » Version: N/A
Qualcomm » Sm6150 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6150 » Version: N/A
Qualcomm » Sm8150 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8150 » Version: N/A
Qualcomm » Msm8905 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8905_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8905 » Version: N/A
Qualcomm » Msm8920 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8920_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8920 » Version: N/A
Qualcomm » Msm8940 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8940_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8940 » Version: N/A
Qualcomm » Msm8953 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8953_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8953 » Version: N/A
Qualcomm » Sc8180x Firmware » Version: N/A
cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sc8180x » Version: N/A
Qualcomm » Sdm450 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm450_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm450 » Version: N/A
Qualcomm » Sdm670 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm670_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm670 » Version: N/A
Qualcomm » Sdm850 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm850_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm850 » Version: N/A
Qualcomm » Sa6155p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6155p » Version: N/A
Qualcomm » Sdm429w Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm429w » Version: N/A
Qualcomm » Sc7180 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sc7180 » Version: N/A
Qualcomm » Qcs610 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs610 » Version: N/A
Qualcomm » Sa415m Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa415m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa415m » Version: N/A
Qualcomm » Sa8155p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8155p » Version: N/A
Qualcomm » Mdm9250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9250 » Version: N/A
Qualcomm » Mdm9628 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9628_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9628 » Version: N/A
Qualcomm » Qcm4290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcm4290 » Version: N/A
Qualcomm » Qcs4290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs4290 » Version: N/A
Qualcomm » Qcs603 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs603 » Version: N/A
Qualcomm » Qsm8350 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qsm8350_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qsm8350 » Version: N/A
Qualcomm » Sa8155 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8155 » Version: N/A
Qualcomm » Sda429w Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda429w » Version: N/A
Qualcomm » Sda640 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda640_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda640 » Version: N/A
Qualcomm » Sda855 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda855_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda855 » Version: N/A
Qualcomm » Sdm1000 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm1000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm1000 » Version: N/A
Qualcomm » Sdm640 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm640_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm640 » Version: N/A
Qualcomm » Sdx50m Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx50m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx50m » Version: N/A
Qualcomm » Sdx55m Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx55m » Version: N/A
Qualcomm » Sm4250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm4250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm4250 » Version: N/A
Qualcomm » Sm4250p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm4250p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm4250p » Version: N/A
Qualcomm » Sm6115 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6115_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6115 » Version: N/A
Qualcomm » Sm6115p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6115p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6115p » Version: N/A
Qualcomm » Sm6125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6125 » Version: N/A
Qualcomm » Sm6250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6250 » Version: N/A
Qualcomm » Sm7125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7125 » Version: N/A
Qualcomm » Sm7250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7250 » Version: N/A
Qualcomm » Sm7250p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7250p » Version: N/A
Qualcomm » Sm8150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8150p » Version: N/A
Qualcomm » Sm8350 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8350_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8350 » Version: N/A
Qualcomm » Sm8350p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8350p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8350p » Version: N/A
Qualcomm » Sa6145p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6145p » Version: N/A
Qualcomm » Sa6150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6150p » Version: N/A
Qualcomm » Sa8150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8150p » Version: N/A
Qualcomm » Sa8195p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8195p » Version: N/A
Qualcomm » Qcm6125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcm6125 » Version: N/A
Qualcomm » Qcs410 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs410 » Version: N/A
Qualcomm » Qcs6125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs6125 » Version: N/A
Qualcomm » Sm6150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6150p » Version: N/A
Qualcomm » Sm6250p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6250p » Version: N/A
Qualcomm » Sm7150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7150p » Version: N/A
Qualcomm » Apq8037 Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8037_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8037 » Version: N/A
Qualcomm » Sda670 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda670_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda670 » Version: N/A
Qualcomm » Sdm455 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm455_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm455 » Version: N/A
Qualcomm » Sm4125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm4125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm4125 » Version: N/A
Qualcomm » Sxr1120 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sxr1120_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sxr1120 » Version: N/A
Qualcomm » Sc8180xp Firmware » Version: N/A
cpe:2.3:o:qualcomm:sc8180xp_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sc8180xp » Version: N/A
Qualcomm » Msm8108 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8108_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8108 » Version: N/A
Qualcomm » Msm8208 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8208_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8208 » Version: N/A
Qualcomm » Msm8209 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8209_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8209 » Version: N/A
Qualcomm » Msm8608 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8608_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8608 » Version: N/A
Qualcomm » Sdm712 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm712_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm712 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-3639

EPSS FAQ

0.33%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 53 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-3639

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-3639

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-3639

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Page not found
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-3639

Products affected by CVE-2020-3639

Exploit prediction scoring system (EPSS) score for CVE-2020-3639

CVSS scores for CVE-2020-3639

CWE ids for CVE-2020-3639

References for CVE-2020-3639