Vulnerabilities > CVE-2022-33211 - Incorrect Calculation of Buffer Size vulnerability in Qualcomm products

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

critical

NVD

Published: 2023-04-13

Updated: 2024-04-12

Summary

memory corruption in modem due to improper check while calculating size of serialized CoAP message

Part	Description	Count
OS	Qualcomm Qualcomm Mdm8207 Firmware - Qualcomm Mdm9205 Firmware - Qualcomm Mdm9206 Firmware - Qualcomm Mdm9207 Firmware - Qualcomm Qca4004 Firmware - Qualcomm Qts110 Firmware - Qualcomm Snapdragon Wear 1100 Firmware - Qualcomm Snapdragon Wear 1200 Firmware - Qualcomm Snapdragon Wear 1300 Firmware - Qualcomm Snapdragon X5 LTE Modem Firmware - Qualcomm Wcd9306 Firmware - Qualcomm Wcd9330 Firmware -	12
Hardware	Qualcomm Qualcomm Mdm8207 - Qualcomm Mdm9205 - Qualcomm Mdm9206 - Qualcomm Mdm9207 - Qualcomm Qca4004 - Qualcomm Qts110 - Qualcomm Snapdragon Wear 1100 - Qualcomm Snapdragon Wear 1200 - Qualcomm Snapdragon Wear 1300 - Qualcomm Snapdragon X5 LTE Modem - Qualcomm Wcd9306 - Qualcomm Wcd9330 -	12

Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Buffer Overflow via Parameter Expansion
In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.