Out-of-Bounds Read Vulnerability in Huawei Smartphones
CVE-2017-17307

5.5MEDIUM

Key Information:

Vendor: McAfee
Status: Vns-l21
Vendor: CVE Published:; 20 March 2018

What is CVE-2017-17307?

Huawei smartphones running the software version VNS-L21AUTC555B141 are susceptible to an out-of-bounds read vulnerability. This issue arises from the absence of a proper string terminator, allowing attackers to deceive users into installing malicious applications. Once executed, these applications can exploit the vulnerability to access memory outside the intended boundaries, potentially leading to abnormal device behavior and unauthorized data exposure.

Affected Version(s)

VNS-L21 VNS-L21AUTC555B141

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2018
Vulnerability Reserved
Dec 4, 2017

McAfee

What is CVE-2017-17307?

Affected Version(s)

References

CVSS V3.1

Timeline