CVE-2017-17324

Опубликовано: 09 мар. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks the user to install a crafted application, successful exploit could cause malicious code execution.

Ссылки

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-01-smartphone-en
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-01-smartphone-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:huawei:mate_9_pro_firmware:lon-al00bc00b139d:*:*:*:*:*:*:*

cpe:2.3:o:huawei:mate_9_pro_firmware:lon-al00bc00b229:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00352

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

GHSA-8v75-3r4m-5rpw