CVE-2017-8205

CWE-190Integer Overflow3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 75.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Honor 9 FirmwareHuawei Technologies Co., Ltd. Honor 9
Timeline
PublishedNov 22
Latest updateMay 17

Description

The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the driver of the smart phone, causing arbitrary code execution.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/honor_9_firmware< stanford-al10c00b175
CVEListV5huawei_technologies_co.,_ltd./honor_9Versions earlier than Stanford-AL10C00B175

🔴Vulnerability Details

2
GHSA
GHSA-j73q-5hm5-fm27: The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has integer overflow vulnerability due to2022-05-17
CVEList
CVE-2017-8205: The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has integer overflow vulnerability due to2017-11-22
CVE-2017-8205 (HIGH CVSS 7.8) | The Bastet driver of Honor 9 Huawei | cvebase.io