CVEs-PoC/2020/CVE-2020-11255.md

### [CVE-2020-11255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11255)
![](https://img.shields.io/static/v1?label=Product&message=Snapdragon%20Auto%2C%20Snapdragon%20Compute%2C%20Snapdragon%20Connectivity%2C%20Snapdragon%20Consumer%20IOT%2C%20Snapdragon%20Industrial%20IOT%2C%20Snapdragon%20IoT%2C%20Snapdragon%20Mobile%2C%20Snapdragon%20Wearables&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Release%20of%20Memory%20Before%20Removing%20Last%20Reference%20in%20Data%20Modem&color=brighgreen)

### Description

Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables

### POC

#### Reference
- https://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin

#### Github
No PoCs found on GitHub currently.