CVE-2017-8182

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.1%

top 76.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei MTK Platform Smart Phone Firmware Huawei Technologies Co., Ltd. Nice-al00

Timeline

PublishedNov 22

Latest updateMay 17

Description

MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a out-of-bound read vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter and cause to memory out-of-bound read.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:HExploitability: 1.8 | Impact: 4.2

Affected Packages2 packages

▶NVDhuawei/mtk_platform_smart_phone_firmware< nice-al10c00b140+1

▶CVEListV5huawei_technologies_co.,_ltd./nice-al00Earlier than Nice-AL00C00B160 versions, Earlier than Nice-AL10C00B140 versions

🔴Vulnerability Details

GHSA

GHSA-5rwc-fxwj-4432: MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a out-of-bound↗2022-05-17

▶

CVEList

CVE-2017-8182: MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a out-of-bound↗2017-11-22

▶