CVE-2016-4577 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Huawei Ngfw Module Firmware

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 68.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Ngfw Module Firmware Huawei Secospace Usg6300 Firmware Huawei Secospace Usg6500 Firmware +2 more

Timeline

PublishedMay 23

Latest updateMay 17

Description

Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters."

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages5 packages

▶NVDhuawei/ngfw_module_firmwarev500r001c00

▶NVDhuawei/secospace_usg6300_firmwarev500r001c00

▶NVDhuawei/secospace_usg6500_firmwarev500r001c00

▶NVDhuawei/secospace_usg6600_firmwarev500r001c00

▶NVDhuawei/usg9500_firmwarev500r001c00

🔴Vulnerability Details

GHSA

GHSA-v5q4-qq7p-9vw8: Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software↗2022-05-17

▶

CVEList

CVE-2016-4577: Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software↗2016-05-23

▶