Details of VAR-202301-0215

ID

VAR-202301-0215

CVE

CVE-2022-33255

TITLE

plural Qualcomm Product out-of-bounds read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-004583

DESCRIPTION

Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device. plural Qualcomm The product contains an out-of-bounds read vulnerability.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2022-33255 // JVNDB: JVNDB-2022-004583 // VULMON: CVE-2022-33255

IOT TAXONOMY

category:	['other device', 'embedded device']	sub_category:	SoC	Trust: 0.1
category:	['other device', 'embedded device']	sub_category:	general	Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	qualcomm	model:	wcn3990	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9341	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	csra6620	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3988	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6145p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 8 gen1 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3950	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3660b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qrb5165	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdxr1	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8830	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6856	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6436	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6696	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9370	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6421	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9335	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3680b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8815	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qrb5165m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8145p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd626	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sw5100p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8208	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6851	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6335	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn7851	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcc5100	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdxr2 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9340	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6595au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8608	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs410	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6431	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3620	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8810	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3980	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6426	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn9011	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3998	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9326	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6595	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm6125	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8209	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd870	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qrb5165n	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn9012	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn7850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8195p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6320	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6391	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs6125	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ar8031	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn9074	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8108	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3680	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6310	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qualcomm215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd865 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sw5100	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6390	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9385	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9380	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	csra6640	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	qca6310	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	csra6640	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ar8031	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6320	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	csra6620	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8009	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8108	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8208	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8209	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8608	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-004583 // NVD: CVE-2022-33255

CVSS

SEVERITY

CVSSV2

CVSSV3

product-security@qualcomm.com:	CVE-2022-33255
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2022-33255
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-33255
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202301-204
value:	MEDIUM
Trust: 0.6

product-security@qualcomm.com:	CVE-2022-33255
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	4.2
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2022-33255
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-33255
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-004583 // CNNVD: CNNVD-202301-204 // NVD: CVE-2022-33255 // NVD: CVE-2022-33255

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-004583 // NVD: CVE-2022-33255

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202301-204

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202301-204

PATCH

title:	January 2023 Security Bulletin	url:	https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2023-bulletin.html	Trust: 0.8
title:	Google Android Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=221564	Trust: 0.6

sources: JVNDB: JVNDB-2022-004583 // CNNVD: CNNVD-202301-204

EXTERNAL IDS

db:	NVD	id:	CVE-2022-33255	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-004583	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.0068	Trust: 0.6
db:	CNNVD	id:	CNNVD-202301-204	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2022-33255	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2022-33255 // JVNDB: JVNDB-2022-004583 // CNNVD: CNNVD-202301-204 // NVD: CVE-2022-33255

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-33255	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-33255/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-january-2023-40220	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.0068	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2022-33255	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2022-33255 // JVNDB: JVNDB-2022-004583 // CNNVD: CNNVD-202301-204 // NVD: CVE-2022-33255

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2022-33255
db:	JVNDB	id:	JVNDB-2022-004583
db:	CNNVD	id:	CNNVD-202301-204
db:	NVD	id:	CVE-2022-33255

LAST UPDATE DATE

2025-04-10T22:04:24.940000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-33255	date:	2023-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-004583	date:	2023-04-19T08:57:00
db:	CNNVD	id:	CNNVD-202301-204	date:	2023-01-16T00:00:00
db:	NVD	id:	CVE-2022-33255	date:	2025-04-09T15:15:47.040

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-33255	date:	2023-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-004583	date:	2023-04-19T00:00:00
db:	CNNVD	id:	CNNVD-202301-204	date:	2023-01-04T00:00:00
db:	NVD	id:	CVE-2022-33255	date:	2023-01-09T08:15:12.097