CVE-2020-11172

moderate-risk

Published 2020-11-02

u'fscanf reads a string from a file and stores its contents on a statically allocated stack memory which leads to stack overflow' in Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA9531, QCA9980

Do I need to act?

0.31% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (6)

Ipq4019 Firmware

Ipq6018 Firmware

Ipq8064 Firmware

Ipq8074 Firmware

Qca9531 Firmware

Qca9980 Firmware

Affected Vendors

Qualcomm

References (3)

Broken Link https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulleti...

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/october-2020-securit...

Broken Link https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulleti...

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 1/34 · Minimal

Exposure 13/34 · Low