CVE-2020-9096

CWE-125 — Out-of-bounds Read4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 93.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei P30 PRO Firmware
Timeline
PublishedAug 21
Latest updateMay 24

Description

HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E160R2P8) have an out of bound read vulnerability. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause out-of-bound read. This can compromise normal service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

â–¶NVDhuawei/p30_pro_firmware< 10.1.0.160\(c00e160r2p8\)
â–¶CVEListV5huawei_p30_proVersions earlier than 10.1.0.160(C00E160R2P8)

🔴Vulnerability Details

2
GHSA
GHSA-227x-48c5-2jpf: HUAWEI P30 Pro smartphones with Versions earlier than 10↗2022-05-24
â–¶
CVEList
CVE-2020-9096: HUAWEI P30 Pro smartphones with Versions earlier than 10↗2020-08-21
â–¶

📋Vendor Advisories

1
Oracle
Oracle Oracle Construction and Engineering Risk Matrix: Platform (iText) — CVE-2017-9096↗2020-10-15
â–¶
CVE-2020-9096 (MEDIUM CVSS 5.5) | HUAWEI P30 Pro smartphones with Ver | cvebase.io