CVE-2024-23366

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-23366
Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.

6.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:qualcomm:qam8255p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qam8255p:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:qualcomm:qam8650p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qam8650p:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:qualcomm:qam8775p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qam8775p:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:qualcomm:qamsrv1h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qamsrv1h:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:qualcomm:sa8255p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8255p:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8295p:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:qualcomm:sa8540p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8540p:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:qualcomm:sa8650p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8650p:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:qualcomm:sa8770p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8770p:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:qualcomm:sa8775p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8775p:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:qualcomm:srv1h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:srv1h:-:*:*:*:*:*:*:*
History

10 Jan 2025, 17:20

Type Values Removed Values Added
CWE CWE-125
References () https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html - () https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html - Vendor Advisory
Summary
  • (es) Divulgación de información al invocar la API de escritura del buzón cuando el mensaje recibido del usuario es mayor que el tamaño del buzón.
First Time Qualcomm sa8255p Firmware
Qualcomm sa8540p Firmware
Qualcomm qam8255p Firmware
Qualcomm qca6698aq Firmware
Qualcomm qam8295p
Qualcomm qca6595
Qualcomm qca6595au Firmware
Qualcomm qam8650p
Qualcomm sa8775p Firmware
Qualcomm sa8295p
Qualcomm sa9000p Firmware
Qualcomm qca6696 Firmware
Qualcomm sa8770p Firmware
Qualcomm sa8255p
Qualcomm qam8295p Firmware
Qualcomm qca6698aq
Qualcomm qca6696
Qualcomm qam8775p
Qualcomm qca6595au
Qualcomm qam8255p
Qualcomm qca6595 Firmware
Qualcomm sa9000p
Qualcomm sa8775p
Qualcomm qamsrv1h Firmware
Qualcomm sa8650p
Qualcomm qam8650p Firmware
Qualcomm qam8775p Firmware
Qualcomm qamsrv1h
Qualcomm sa8295p Firmware
Qualcomm sa8650p Firmware
Qualcomm srv1h
Qualcomm srv1h Firmware
Qualcomm sa8770p
Qualcomm sa8540p
Qualcomm
CPE cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8540p:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sa8255p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qam8255p:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8295p:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8650p:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sa8540p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8255p:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qam8650p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qam8650p:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sa8650p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:srv1h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qam8775p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sa8770p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qam8255p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sa8775p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8775p:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qamsrv1h:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8770p:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:srv1h:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qam8775p:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qamsrv1h_firmware:-:*:*:*:*:*:*:*

06 Jan 2025, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-06 11:15

Updated : 2025-01-10 17:20

NVD link : CVE-2024-23366

Mitre link : CVE-2024-23366

CVE.ORG link : CVE-2024-23366

JSON object : View

Products Affected

qualcomm

  • qam8295p
  • qam8295p_firmware
  • qca6595_firmware
  • sa8770p_firmware
  • sa8255p
  • qca6696
  • sa9000p_firmware
  • sa8540p
  • qca6595au
  • qca6696_firmware
  • sa9000p
  • qca6595au_firmware
  • qca6698aq
  • sa8775p
  • qam8775p
  • qam8650p
  • qca6698aq_firmware
  • sa8650p
  • sa8775p_firmware
  • qam8255p
  • sa8770p
  • sa8295p
  • qamsrv1h
  • qamsrv1h_firmware
  • srv1h_firmware
  • sa8650p_firmware
  • qam8650p_firmware
  • sa8540p_firmware
  • qam8255p_firmware
  • srv1h
  • sa8255p_firmware
  • qca6595
  • qam8775p_firmware
  • sa8295p_firmware
CWE
CWE-126

Buffer Over-read

CWE-125

Out-of-bounds Read