CVE-2020-9124

CWE-401Memory LeakCWE-770Allocation without Limits3 documents3 sources
Severity
7.5HIGH
EPSS
0.3%
top 45.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Huawei Cloudengine 12800Huawei Cloudengine 5800Huawei Cloudengine 6800+5 more
Timeline
PublishedDec 29
Latest updateMay 24

Description

There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages8 packages

CVEListV5huawei/cloudengine_58004 versions+3
CVEListV5huawei/cloudengine_68004 versions+3
CVEListV5huawei/cloudengine_78004 versions+3
CVEListV5huawei/cloudengine_128004 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-3rff-xjq9-pg37: There is a memory leak vulnerability in some versions of Huawei CloudEngine product2022-05-24
CVEList
CVE-2020-9124: There is a memory leak vulnerability in some versions of Huawei CloudEngine product2020-12-29