CVE-2017-17330Missing Release of Resource after Effective Lifetime in Huawei Ar3200 Firmware

CWE-772Missing Release of Resource after Effective Lifetime3 documents3 sources
Severity
3.3LOWNVD
EPSS
0.0%
top 92.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Ar3200 FirmwareHuawei Ngfw Module Firmware
Timeline
PublishedMar 9
Latest updateMay 13

Description

Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200R007C01; V200R007C02; V200R008C00; V200R008C10; V200R008C20; V200R008C30; NGFW Module V500R001C00; V500R001C20; V500R002C00 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML element data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDhuawei/ngfw_module_firmwarev500r001c00, v500r001c20, v500r002c00+2
NVDhuawei/ar3200_firmware10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-c6x3-qv98-47rh: Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200R007C01; V200R007C02; V200R008C00; V200R008C10; V200R008C20; V200R008C30; NGFW M2022-05-13
CVEList
CVE-2017-17330: Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200R007C01; V200R007C02; V200R008C00; V200R008C10; V200R008C20; V200R008C30; NGFW M2018-03-09
CVE-2017-17330 — Huawei Ar3200 Firmware vulnerability | cvebase