PT-2017-15521 · Huawei · P9 Plus

Li Bo

Published

2017-11-22

Updated

2017-12-11

CVE-2017-2734

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions P9 Plus smartphones with software versions earlier than VIE-AL10BC00B386

Description The issue allows an attacker to trick a user into installing a malicious application on the smartphone. This application can send a given parameter to a specific interface, causing a large number of memory allocations and resulting in the smartphone crashing due to memory exhaustion.

Recommendations For P9 Plus smartphones with software versions earlier than VIE-AL10BC00B386, update to a version VIE-AL10BC00B386 or later to resolve the issue. As a temporary workaround, consider restricting the installation of applications from untrusted sources to minimize the risk of exploitation.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2017-2734

Affected Products

P9 Plus

PT-2017-15521 · Huawei · P9 Plus

CVE-2017-2734

Weakness Enumeration

Related Identifiers

Affected Products

References · 3