CVE-2017-2729

Опубликовано: 22 нояб. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Низкий

Описание

The boot loaders in Honor 5A smart phones with software Versions earlier than CAM-TL00C01B193,Versions earlier than CAM-TL00HC00B193,Versions earlier than CAM-UL00C00B193 have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution.

Ссылки

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170302-01-smartphone-en
Vendor Advisory
http://www.securityfocus.com/bid/96526
Third Party Advisory
VDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170302-01-smartphone-en
Vendor Advisory
http://www.securityfocus.com/bid/96526
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:honor_5a_firmware:*:*:*:*:*:*:*:*

Версия до cam-tl00c01b193 (исключая)

cpe:2.3:h:huawei:honor_5a:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:huawei:honor_5a_firmware:*:*:*:*:*:*:*:*

Версия до cam-tl00hc00b193 (исключая)

cpe:2.3:h:huawei:honor_5a:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:huawei:honor_5a_firmware:*:*:*:*:*:*:*:*

Версия до cam-ul00c00b193 (исключая)

cpe:2.3:h:huawei:honor_5a:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно