CVE-2017-8149

CWE-119Buffer Overflow3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 80.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei P10 FirmwareHuawei P10 Plus Firmware
Timeline
PublishedNov 22
Latest updateMay 17

Description

The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an out-of-bounds memory access vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. the APP can modify specific data to cause buffer overflow in the next system reboot, causing out-of-bound

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDhuawei/p10_plus_firmware< vicky-l29ac605b162
NVDhuawei/p10_firmware< victoria-l09ac605b162+1

🔴Vulnerability Details

2
GHSA
GHSA-g6jw-2m24-vm7j: The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC62022-05-17
CVEList
CVE-2017-8149: The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC62017-11-22
CVE-2017-8149 (MEDIUM CVSS 5.5) | The boot loaders of P10 and P10 Plu | cvebase.io