CVE-2017-8184

CWE-119 — Buffer Overflow CWE-121 — Stack-based Buffer Overflow5 documents5 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 71.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei MTK Platform Smart Phone Firmware Huawei Technologies Co., Ltd. Nice-al00

Timeline

PublishedNov 22

Latest updateMay 17

Description

MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to cause to any memory access vulnerabilities, leading to sensitive information leakage.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/mtk_platform_smart_phone_firmware< nice-al10c00b140+1

▶CVEListV5huawei_technologies_co.,_ltd./nice-al00Earlier than Nice-AL00C00B160 versions, Earlier than Nice-AL10C00B140 versions

🔴Vulnerability Details

GHSA

GHSA-m9qj-8whm-9cg3: MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory a↗2022-05-17

▶

CVEList

CVE-2017-8184: MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory a↗2017-11-22

▶

📋Vendor Advisories

Red Hat

liblouis: incomplete fix for CVE-2014-8184↗2017-11-02

▶

💬Community

Bugzilla

CVE-2017-15101 liblouis: incomplete fix for CVE-2014-8184↗2017-11-08

▶