PT-2018-6480 · Huawei · Huawei Smartphone
Aravind Machiry
·
Published
2018-03-20
·
Updated
2018-04-17
·
CVE-2017-17306
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Huawei Smartphones version VNS-L21AUTC555B141
Huawei Smartphones version VNS-L21C10B160
Huawei Smartphones version VNS-L21C66B160
Huawei Smartphones version VNS-L21C703B140
Description:
The issue is related to an array out-of-bounds read. Due to the lack of array verification, an attacker can trick a user into installing a malicious application. This application can exploit the issue, allowing the attacker to read out of the array bounds, potentially causing the device to behave abnormally.
Recommendations:
For version VNS-L21AUTC555B141, update the software to a version that includes the fix for this issue.
For version VNS-L21C10B160, update the software to a version that includes the fix for this issue.
For version VNS-L21C66B160, update the software to a version that includes the fix for this issue.
For version VNS-L21C703B140, update the software to a version that includes the fix for this issue.
As a temporary workaround, consider restricting the installation of applications from untrusted sources to minimize the risk of exploitation.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Smartphone