CVE-2020-1804

Опубликовано: 27 апр. 2020

Источник: nvd

CVSS3: 7.1

CVSS2: 5.8

EPSS Низкий

Описание

Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Certain driver program does not sufficiently validate certain parameters received, that would lead to several bytes out of bound read. Successful exploit may cause information disclosure or service abnormal. This is 1 out of 3 out of bounds vulnerabilities found. Different than CVE-2020-1805 and CVE-2020-1806.

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-02-smartphone-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-02-smartphone-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*

Версия до 10.0.0.156\(c00e156r2p4\) (исключая)

cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*

EPSS

Процентиль: 28%

0.00101

Низкий

7.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-r5pv-cm2h-vfmj

github

больше 3 лет назад