PT-2017-15521 · Huawei · P9 Plus

Li Bo

Publicado

2017-11-22

Atualizado

2017-12-11

CVE-2017-2734

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions P9 Plus smartphones with software versions earlier than VIE-AL10BC00B386

Description The issue allows an attacker to trick a user into installing a malicious application on the smartphone. This application can send a given parameter to a specific interface, causing a large number of memory allocations and resulting in the smartphone crashing due to memory exhaustion.

Recommendations For P9 Plus smartphones with software versions earlier than VIE-AL10BC00B386, update to a version VIE-AL10BC00B386 or later to resolve the issue. As a temporary workaround, consider restricting the installation of applications from untrusted sources to minimize the risk of exploitation.

Correção

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

CVE-2017-2734

Produtos afetados

P9 Plus

PT-2017-15521 · Huawei · P9 Plus

CVE-2017-2734

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3