1. Home
  2. CVE Database
  3. CVE-2024-23366
MEDIUM · 6.6

CVE-2024-23366

Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.

Vulnerability Description

Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.

CVSS Score

6.6

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
QualcommQam8255P Firmware-
QualcommQam8255P-
QualcommQam8295P Firmware-
QualcommQam8295P-
QualcommQam8650P Firmware-
QualcommQam8650P-
QualcommQam8775P Firmware-
QualcommQam8775P-
QualcommQamsrv1H Firmware-
QualcommQamsrv1H-
QualcommQca6595 Firmware-
QualcommQca6595-
QualcommQca6595Au Firmware-
QualcommQca6595Au-
QualcommQca6696 Firmware-
QualcommQca6696-
QualcommQca6698Aq Firmware-
QualcommQca6698Aq-
QualcommSa8255P Firmware-
QualcommSa8255P-

Related Weaknesses (CWE)

CWE-126CWE-125

References

FAQ

What is CVE-2024-23366?

CVE-2024-23366 is a vulnerability with a CVSS score of 6.6 (MEDIUM). Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.

How severe is CVE-2024-23366?

CVE-2024-23366 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-23366?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Qam8255P Firmware, Qualcomm Qam8255P, Qualcomm Qam8295P Firmware, Qualcomm Qam8295P, Qualcomm Qam8650P Firmware.