CVE-2024-21453 - OpenCVE

Transient DOS while decoding message of size that exceeds the available system memory.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2024-04-01T15:06:01.731Z

Updated: 2024-08-01T22:20:40.696Z

Reserved: 2023-12-12T06:07:46.902Z

Link: CVE-2024-21453

Vulnrichment

Updated: 2024-08-01T22:20:40.696Z

NVD

Status : Awaiting Analysis

Published: 2024-04-01T15:15:48.417

Modified: 2024-04-12T09:15:09.977

Link: CVE-2024-21453

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21453", "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "state": "PUBLISHED", "assignerShortName": "qualcomm", "dateReserved": "2023-12-12T06:07:46.902Z", "datePublished": "2024-04-01T15:06:01.731Z", "dateUpdated": "2024-08-01T22:20:40.696Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Snapdragon Auto", "Snapdragon Consumer IOT"], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [{"status": "affected", "version": "C-V2X 9150"}, {"status": "affected", "version": "QCS410"}, {"status": "affected", "version": "QCS610"}, {"status": "affected", "version": "Qualcomm Video Collaboration VC1 Platform"}, {"status": "affected", "version": "Qualcomm Video Collaboration VC3 Platform"}, {"status": "affected", "version": "Snapdragon Auto 5G Modem-RF"}, {"status": "affected", "version": "Snapdragon Auto 4G Modem"}, {"status": "affected", "version": "WCD9341"}, {"status": "affected", "version": "WCD9370"}, {"status": "affected", "version": "WCN3950"}, {"status": "affected", "version": "WCN3980"}, {"status": "affected", "version": "WSA8810"}, {"status": "affected", "version": "WSA8815"}]}], "descriptions": [{"lang": "en", "value": "Transient DOS while decoding message of size that exceeds the available system memory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm", "dateUpdated": "2024-04-12T08:39:02.719Z"}, "references": [{"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html"}], "title": "Improper Input Validation in Automotive Telematics"}, "adp": [{"affected": [{"vendor": "qualcomm", "product": "wcn3980", "cpes": ["cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "qualcomm", "product": "wsa8810", "cpes": ["cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "qualcomm", "product": "c-v2x_9150", "cpes": ["cpe:2.3:a:qualcomm:c-v2x_9150:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "qualcomm", "product": "qcs410", "cpes": ["cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "qualcomm", "product": "qcs610", "cpes": ["cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "qualcomm", "product": "video_collaboration_vc1", "cpes": ["cpe:2.3:h:qualcomm:video_collaboration_vc1:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "qualcomm", "product": "video_collaboration_vc3", "cpes": ["cpe:2.3:h:qualcomm:video_collaboration_vc3:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "qualcomm", "product": "snapdragon_auto_5g_modem-rf", "cpes": ["cpe:2.3:h:qualcomm:snapdragon_auto_5g_modem-rf:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "qualcomm", "product": "snapdragon_auto_4g_modem", "cpes": ["cpe:2.3:a:qualcomm:snapdragon_auto_4g_modem:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "qualcomm", "product": "wcd9341", "cpes": ["cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "qualcomm", "product": "wcd9370", "cpes": ["cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "qualcomm", "product": "wcn3950", "cpes": ["cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "qualcomm", "product": "wsa8815", "cpes": ["cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-01T18:14:42.283096Z", "id": "CVE-2024-21453", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T14:05:32.525Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:20:40.696Z"}, "title": "CVE Program Container", "references": [{"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:20:40.696Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21453", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-01T18:14:42.283096Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wcn3980", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wsa8810", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:qualcomm:c-v2x_9150:*:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "c-v2x_9150", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "qcs410", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "qcs610", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:qualcomm:video_collaboration_vc1:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "video_collaboration_vc1", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:qualcomm:video_collaboration_vc3:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "video_collaboration_vc3", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:qualcomm:snapdragon_auto_5g_modem-rf:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "snapdragon_auto_5g_modem-rf", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:qualcomm:snapdragon_auto_4g_modem:*:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "snapdragon_auto_4g_modem", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wcd9341", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wcd9370", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wcn3950", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wsa8815", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T13:51:06.193Z"}}], "cna": {"title": "Improper Input Validation in Automotive Telematics", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Qualcomm, Inc.", "product": "Snapdragon", "versions": [{"status": "affected", "version": "C-V2X 9150"}, {"status": "affected", "version": "QCS410"}, {"status": "affected", "version": "QCS610"}, {"status": "affected", "version": "Qualcomm Video Collaboration VC1 Platform"}, {"status": "affected", "version": "Qualcomm Video Collaboration VC3 Platform"}, {"status": "affected", "version": "Snapdragon Auto 5G Modem-RF"}, {"status": "affected", "version": "Snapdragon Auto 4G Modem"}, {"status": "affected", "version": "WCD9341"}, {"status": "affected", "version": "WCD9370"}, {"status": "affected", "version": "WCN3950"}, {"status": "affected", "version": "WCN3980"}, {"status": "affected", "version": "WSA8810"}, {"status": "affected", "version": "WSA8815"}], "platforms": ["Snapdragon Auto", "Snapdragon Consumer IOT"], "defaultStatus": "unaffected"}], "references": [{"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html"}], "descriptions": [{"lang": "en", "value": "Transient DOS while decoding message of size that exceeds the available system memory."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm", "dateUpdated": "2024-04-12T08:39:02.719Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21453", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:20:40.696Z", "dateReserved": "2023-12-12T06:07:46.902Z", "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "datePublished": "2024-04-01T15:06:01.731Z", "assignerShortName": "qualcomm"}, "dataVersion": "5.1"}