PT-2017-18178 · Huawei · Huawei P10 Plus+1

Publicado

2017-11-22

Atualizado

2017-12-12

CVE-2017-8172

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Huawei P10 Plus and P10 smartphones with versions earlier than VKY-AL00C00B157 Huawei P10 smartphones with versions earlier than VTR-AL00C00B157

Description The issue is related to a denial of service (DoS) vulnerability in the Isub service. An attacker can trick a user into installing a malicious application, which can send a given parameter to a specific interface. This results in an out-of-bounds array access, causing the smartphone to restart.

Recommendations For versions earlier than VKY-AL00C00B157 of Huawei P10 Plus, update to version VKY-AL00C00B157 or later. For versions earlier than VTR-AL00C00B157 of Huawei P10, update to version VTR-AL00C00B157 or later.

Correção

Improper Validation of Array Index

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-129

Identificadores relacionados

CVE-2017-8172

Produtos afetados

Huawei P10

Huawei P10 Plus

PT-2017-18178 · Huawei · Huawei P10 Plus+1

CVE-2017-8172

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4