CVE-2017-8179

CWE-119 — Buffer Overflow3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 70.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei MTK Platform Smart Phone Firmware Huawei Technologies Co., Ltd. Nice-al00

Timeline

PublishedNov 22

Latest updateMay 17

Description

The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a buffer overflow vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious application which has special privilege and sends a specific parameter to the driver of the smart phone, causing privilege escalation.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDhuawei/mtk_platform_smart_phone_firmware< nice-al00c00b155

▶CVEListV5huawei_technologies_co.,_ltd./nice-al00Versions earlier than Nice-AL00C00B155

🔴Vulnerability Details

GHSA

GHSA-hgxx-42w2-h2hx: The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a buffer overflow vulnerability↗2022-05-17

▶

CVEList

CVE-2017-8179: The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a buffer overflow vulnerability↗2017-11-22

▶