CVE-2020-3675 : u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute'

u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ5018, IPQ6018, IPQ8074, Kamorta, Nicobar, QCA6390, QCN7605, QCS404, QCS405, Rennell, SA415M, Saipan, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250

Published 2020-09-08 10:15:16

Updated 2020-09-11 15:46:19

Source Qualcomm, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2020-3675

Probability of exploitation activity in the next 30 days: 0.30%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 65 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-3675

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-3675

CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-3675

https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

Page not found
Broken Link;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2020-3675

Qualcomm » Ipq8074 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ipq8074 » Version: N/A
Qualcomm » Sm7150 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7150 » Version: N/A
Qualcomm » Qcs405 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs405 » Version: N/A
Qualcomm » Qcs404 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs404_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs404 » Version: N/A
Qualcomm » Qcn7605 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcn7605 » Version: N/A
Qualcomm » Sdx55 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx55 » Version: N/A
Qualcomm » Sm6150 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6150 » Version: N/A
Qualcomm » Sm8150 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8150 » Version: N/A
Qualcomm » Nicobar Firmware » Version: N/A
cpe:2.3:o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Nicobar » Version: N/A
Qualcomm » Sc8180x Firmware » Version: N/A
cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sc8180x » Version: N/A
Qualcomm » Sm8250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8250 » Version: N/A
Qualcomm » Rennell Firmware » Version: N/A
cpe:2.3:o:qualcomm:rennell_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Rennell » Version: N/A
Qualcomm » Saipan Firmware » Version: N/A
cpe:2.3:o:qualcomm:saipan_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Saipan » Version: N/A
Qualcomm » Sc7180 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sc7180 » Version: N/A
Qualcomm » Ipq6018 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ipq6018 » Version: N/A
Qualcomm » Kamorta Firmware » Version: N/A
cpe:2.3:o:qualcomm:kamorta_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Kamorta » Version: N/A
Qualcomm » Sa415m Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa415m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa415m » Version: N/A
Qualcomm » Qca6390 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6390 » Version: N/A
Qualcomm » Ipq5018 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ipq5018_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ipq5018 » Version: N/A

Vulnerability Details : CVE-2020-3675

Exploit prediction scoring system (EPSS) score for CVE-2020-3675

CVSS scores for CVE-2020-3675

CWE ids for CVE-2020-3675

References for CVE-2020-3675

Products affected by CVE-2020-3675