CVE-2019-5235

CWE-476 — NULL Pointer Dereference3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 52.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Alp-al00b Firmware Huawei Alp-tl00b Firmware Huawei Bla-al00b Firmware +47 more

Timeline

PublishedDec 14

Latest updateMay 24

Description

Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages50 packages

▶NVDhuawei/alp-al00b_firmware8.0.0.153\(c00\)

▶NVDhuawei/alp-tl00b_firmware8.0.0.129\(sp2c01\)

▶NVDhuawei/bla-al00b_firmware8.0.0.129\(sp2c786\), 8.0.0.153\(c00\)+1

▶NVDhuawei/bla-tl00b_firmware8.0.0.129\(sp2c01\)

▶NVDhuawei/ever-l29b_firmware9.0.0.206\(c185e3r3p1\), 9.0.0.207\(c636e3r2p1\), 9.0.0.208\(c432e3r1p12\)+2

🔴Vulnerability Details

GHSA

GHSA-5wgx-97x6-5q43: Some Huawei smart phones have a null pointer dereference vulnerability↗2022-05-24

▶

CVEList

CVE-2019-5235: Some Huawei smart phones have a null pointer dereference vulnerability↗2019-12-13

▶