CVE-2017-2724

CWE-119 — Buffer Overflow3 documents3 sources

Severity

8.4HIGH

EPSS

0.2%

top 59.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei P10 Firmware Huawei P10 Plus Firmware

Timeline

PublishedNov 22

Latest updateMay 17

Description

Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages2 packages

▶NVDhuawei/p10_plus_firmware< vky-al00c00b123

▶NVDhuawei/p10_firmware< vtr-al00c00b123

🔴Vulnerability Details

GHSA

GHSA-jcx6-9vqr-gv6h: Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overf↗2022-05-17

▶

CVEList

CVE-2017-2724: Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overf↗2017-11-22

▶