CVE-2020-11293
CVE-2020-11293
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.1EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
07 May 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L