CVE-2022-25732 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-25732 PUBLISHED CVSS 8.2 HIGH

Reported by qualcomm · Published February 9, 2023

Information disclosure in modem due to buffer over read in dns client due to missing length check

Risk Scores

CVSS v3.1

8.2

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Affected Products

Vendor	Product	Versions
Qualcomm, Inc.	Snapdragon	AR8031, CSRA6620, CSRA6640
Qualcomm, Inc.	Snapdragon	AR8031, CSRA6620, CSRA6640
qualcomm	sxr1230p_firmware	*
qualcomm	wcd9385_firmware	*
qualcomm	wsa8835_firmware	*
qualcomm	sxr2230p_firmware	*
qualcomm	wcn6856_firmware	*
qualcomm	wcd9306_firmware	*
qualcomm	qts110_firmware	*
qualcomm	wcd9335_firmware	*
qualcomm	mdm9207_firmware	*
qualcomm	ssg2125p_firmware	*
qualcomm	wsa8810_firmware	*
qualcomm	wsa8830_firmware	*
qualcomm	csra6640_firmware	*
qualcomm	wsa8832_firmware	*
qualcomm	mdm8207_firmware	*
qualcomm	wcn3980_firmware	*
qualcomm	ssg2115p_firmware	*
qualcomm	qca4024_firmware	*

…and 15 more

Timeline

Feb 9, 2023 EPSS Score
Feb 9, 2023 CVE Published
Mar 7, 2023 EPSS Score
Mar 20, 2023 EPSS Score
Apr 29, 2023 EPSS Score
Jun 7, 2023 EPSS Score
Jul 16, 2023 EPSS Score
Aug 24, 2023 EPSS Score
Oct 3, 2023 EPSS Score
Nov 11, 2023 EPSS Score
Dec 20, 2023 EPSS Score
Jan 28, 2024 EPSS Score

References

Open in Interactive Console →