CVE-2019-19413 — Integer Overflow or Wraparound in Huawei Dbs3900 TDD LTE Firmware

CWE-190 — Integer Overflow or Wraparound3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 44.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Dbs3900 TDD LTE Firmware Huawei Dp300 Firmware Huawei Rp200 Firmware +4 more

Timeline

PublishedJan 21

Latest updateMay 24

Description

There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

▶NVDhuawei/te30_firmwarev100r001c10, v600r006c00+1

▶NVDhuawei/te40_firmwarev600r006c00

▶NVDhuawei/te50_firmwarev600r006c00

▶NVDhuawei/te60_firmwarev100r001c10, v500r002c00, v600r006c00+2

▶NVDhuawei/dp300_firmwarev500r002c00

🔴Vulnerability Details

GHSA

GHSA-q3ww-rvw8-54xp: There is an integer overflow vulnerability in LDAP client of some Huawei products↗2022-05-24

▶

CVEList

CVE-2019-19413: There is an integer overflow vulnerability in LDAP client of some Huawei products↗2020-01-21

▶