CVE-2017-2729

CWE-119 — Buffer Overflow3 documents3 sources

Severity

7.8HIGH

EPSS

0.2%

top 61.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Honor 5A Firmware Huawei P8 Lite Firmware Huawei Technologies Co., Ltd. Honor 5A

Timeline

PublishedNov 22

Latest updateMay 17

Description

The boot loaders in Honor 5A smart phones with software Versions earlier than CAM-TL00C01B193,Versions earlier than CAM-TL00HC00B193,Versions earlier than CAM-UL00C00B193 have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDhuawei/honor_5a_firmware< cam-tl00c01b193+2

▶CVEListV5huawei_technologies_co.,_ltd./honor_5aVersions earlier than CAM-TL00C01B193,Versions earlier than CAM-TL00HC00B193,Versions earlier than CAM-UL00C00B193

▶NVDhuawei/p8_lite_firmware< ale-l02c635b568+6

🔴Vulnerability Details

GHSA

GHSA-r36m-m8f3-qqfx: The boot loaders in Honor 5A smart phones with software Versions earlier than CAM-TL00C01B193,Versions earlier than CAM-TL00HC00B193,Versions earlier↗2022-05-17

▶

CVEList

CVE-2017-2729: The boot loaders in Honor 5A smart phones with software Versions earlier than CAM-TL00C01B193,Versions earlier than CAM-TL00HC00B193,Versions earlier↗2017-11-22

▶