CVE-2020-9107

CWE-125Out-of-bounds ReadCWE-787Out-of-bounds Write4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.2%
top 61.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei P30 PRO Firmware
Timeline
PublishedOct 12
Latest updateMay 24

Description

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDhuawei/p30_pro_firmware< 10.1.0.160\(c00e160r2p8\)
CVEListV5huawei_p30_proVersions earlier than 10.1.0.160(C00E160R2P8)

🔴Vulnerability Details

2
GHSA
GHSA-4h8h-j2r6-pvqj: HUAWEI P30 Pro versions earlier than 102022-05-24
CVEList
CVE-2020-9107: HUAWEI P30 Pro versions earlier than 102020-10-12

💬Community

1
Bugzilla
CVE-2017-9107 adns: out-of-bounds read when a domain ends with backslash2020-06-22
CVE-2020-9107 (MEDIUM CVSS 5.5) | HUAWEI P30 Pro versions earlier tha | cvebase.io