CVE-2017-17324

CWE-190Integer Overflow3 documents3 sources
Severity
7.8HIGH
EPSS
0.4%
top 40.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Technologies Co., Ltd. Mate 9 PROHuawei Mate 9 PRO Firmware
Timeline
PublishedMar 9
Latest updateMay 14

Description

Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks the user to install a crafted application, successful exploit could cause malicious code execution.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/mate_9_pro_firmwarelon-al00bc00b139d, lon-al00bc00b229+1
CVEListV5huawei_technologies_co.,_ltd./mate_9_proLON-AL00BC00B139D, LON-AL00BC00B229+1

🔴Vulnerability Details

2
GHSA
GHSA-8v75-3r4m-5rpw: Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability2022-05-14
CVEList
CVE-2017-17324: Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability2018-03-09
CVE-2017-17324 (HIGH CVSS 7.8) | Huawei Mate 9 Pro smartphones with | cvebase.io