CVE-2016-4576 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Huawei IPS Module Firmware

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

2.3%

top 15.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei IPS Module Firmware Huawei Ngfw Module Firmware Huawei Nip6300 Firmware +6 more

Timeline

PublishedMay 23

Latest updateMay 17

Description

Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages9 packages

▶NVDhuawei/ngfw_module_firmwarev500r001c00

▶NVDhuawei/ips_module_firmwarev500r001c00

▶NVDhuawei/secospace_usg6300_firmwarev500r001c00

▶NVDhuawei/secospace_usg6500_firmwarev500r001c00

▶NVDhuawei/secospace_usg6600_firmwarev500r001c00

🔴Vulnerability Details

GHSA

GHSA-fjg3-w56q-6wxp: Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace U↗2022-05-17

▶

CVEList

CVE-2016-4576: Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace U↗2016-05-23

▶