PT-2020-20551 · Huawei · Huawei P30 Pro
Published
2020-07-17
·
Updated
2020-07-22
·
CVE-2020-9257
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
HUAWEI P30 Pro versions prior to 10.1.0.123(C432E19R2P5patch02)
HUAWEI P30 Pro versions prior to 10.1.0.126(C10E11R5P1)
HUAWEI P30 Pro versions prior to 10.1.0.160(C00E160R2P8)
Description
The issue is related to a buffer overflow when handling certain certificate operations. This occurs because the software accesses data past the end, or before the beginning, of the intended buffer. An attacker could exploit this by tricking a user into installing a malicious application, potentially leading to code execution.
Recommendations
For versions prior to 10.1.0.123(C432E19R2P5patch02), update to version 10.1.0.123(C432E19R2P5patch02) or later.
For versions prior to 10.1.0.126(C10E11R5P1), update to version 10.1.0.126(C10E11R5P1) or later.
For versions prior to 10.1.0.160(C00E160R2P8), update to version 10.1.0.160(C00E160R2P8) or later.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei P30 Pro