CVE-2020-9263

Опубликовано: 19 окт. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution.

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-07-smartphone-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-07-smartphone-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:mate_30_firmware:*:*:*:*:*:*:*:*

Версия до 10.1.0.150\(c00e136r5p3\) (исключая)

cpe:2.3:h:huawei:mate_30:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*

Версия до 10.1.0.160\(c00e160r2p11\) (исключая)

cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00318

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

GHSA-xh3q-7hfg-v6rr

github

больше 3 лет назад