CVE-2017-8204

CWE-119Buffer Overflow3 documents3 sources
Severity
7.8HIGH
EPSS
0.2%
top 61.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Honor 9 FirmwareHuawei Technologies Co., Ltd. Honor 9
Timeline
PublishedNov 22
Latest updateMay 17

Description

The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the driver of the smart phone, causing arbitrary code execution

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/honor_9_firmware< stanford-al10c00b175
CVEListV5huawei_technologies_co.,_ltd./honor_9Versions earlier than Stanford-AL10C00B175

🔴Vulnerability Details

2
GHSA
GHSA-h3g2-pxmc-gqjv: The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has a buffer overflow vulnerability due t2022-05-17
CVEList
CVE-2017-8204: The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has a buffer overflow vulnerability due t2017-11-22
CVE-2017-8204 (HIGH CVSS 7.8) | The Bastet driver of Honor 9 Huawei | cvebase.io