CVE-2020-9257

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

8.8HIGH

EPSS

0.3%

top 47.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei P30 PRO Firmware Huawei Huawei P30 PRO

Timeline

PublishedJul 17

Latest updateMay 24

Description

HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer overflow vulnerability. The software access data past the end, or before the beginning, of the intended buffer when handling certain operations of certificate, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDhuawei/p30_pro_firmware< 10.1.0.123\(c432e19r2p5patch02\)+2

▶CVEListV5huawei/huawei_p30_proVersions earlier than 10.1.0.123(C432E19R2P5patch02), Versions earlier than 10.1.0.126(C10E11R5P1), Versions earlier than 10.1.0.160(C00E160R2P8)+2

🔴Vulnerability Details

GHSA

GHSA-c3h3-5867-mxh8: HUAWEI P30 Pro smartphones with versions earlier than 10↗2022-05-24

▶

CVEList

CVE-2020-9257: HUAWEI P30 Pro smartphones with versions earlier than 10↗2020-07-17

▶