cvelistv5 - CVE-2017-2726

CVE-2017-2726 (GCVE-0-2017-2726)

Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-16 19:35

Summary

Severity ?

No CVSS data available.

CWE

Buffer Overflow

Assigner

huawei

References

URL

Tags

	http://www.securityfocus.com/bid/97696	vdb-entryx_refsource_BID
	http://www.huawei.com/en/psirt/security-advisorie…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	P10 Plus,P10	Affected: Eariler than VKY-AL00C00B123 verisons,Earlier than VTR-AL00C00B123 versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:02:07.673Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "97696",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97696"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "P10 Plus,P10",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Eariler than VKY-AL00C00B123 verisons,Earlier than VTR-AL00C00B123 versions"
            }
          ]
        }
      ],
      "datePublic": "2017-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-27T16:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "name": "97696",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97696"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "DATE_PUBLIC": "2017-11-15T00:00:00",
          "ID": "CVE-2017-2726",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "P10 Plus,P10",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Eariler than VKY-AL00C00B123 verisons,Earlier than VTR-AL00C00B123 versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "97696",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97696"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2017-2726",
    "datePublished": "2017-11-22T19:00:00Z",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-09-16T19:35:21.989Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:p10_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"vtr-al00c00b123\", \"matchCriteriaId\": \"E89DD90E-5048-4BC0-B8D0-672FCB3FF531\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:p10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FE8B6F1-FD2D-489A-86CE-53945949D362\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"vky-al00c00b123\", \"matchCriteriaId\": \"5C1E211E-D19F-468E-971D-DA5976FE8502\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAD5BC83-41ED-4260-8883-4CA5898A4FAD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution.\"}, {\"lang\": \"es\", \"value\": \"Bastet en smartphones P10 Plus y P10 con software VKY-AL00C00B123 y anteriores y VTR-AL00C00B123 y anteriores tiene una vulnerabilidad de desbordamiento de b\\u00fafer. Un atacante con el privilegio root de un sistema Android podr\\u00eda enga\\u00f1ar a un usuario para que instale una APP maliciosa. La APP puede modificar datos concretos para provocar un desbordamiento de b\\u00fafer en el siguiente reinicio del sistema, provocando el reinicio continuo del sistema o la ejecuci\\u00f3n arbitraria de c\\u00f3digo.\"}]",
      "id": "CVE-2017-2726",
      "lastModified": "2024-11-21T03:24:03.707",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.5, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-11-22T19:29:01.583",
      "references": "[{\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/97696\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/97696\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "psirt@huawei.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-2726\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2017-11-22T19:29:01.583\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Bastet en smartphones P10 Plus y P10 con software VKY-AL00C00B123 y anteriores y VTR-AL00C00B123 y anteriores tiene una vulnerabilidad de desbordamiento de b\u00fafer. Un atacante con el privilegio root de un sistema Android podr\u00eda enga\u00f1ar a un usuario para que instale una APP maliciosa. La APP puede modificar datos concretos para provocar un desbordamiento de b\u00fafer en el siguiente reinicio del sistema, provocando el reinicio continuo del sistema o la ejecuci\u00f3n arbitraria de c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:p10_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"vtr-al00c00b123\",\"matchCriteriaId\":\"E89DD90E-5048-4BC0-B8D0-672FCB3FF531\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:p10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FE8B6F1-FD2D-489A-86CE-53945949D362\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"vky-al00c00b123\",\"matchCriteriaId\":\"5C1E211E-D19F-468E-971D-DA5976FE8502\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAD5BC83-41ED-4260-8883-4CA5898A4FAD\"}]}]}],\"references\":[{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97696\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97696\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

GSD-2017-2726

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-2726

Aliases

CVE-2017-2726

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2726",
    "description": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution.",
    "id": "GSD-2017-2726"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2726"
      ],
      "details": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution.",
      "id": "GSD-2017-2726",
      "modified": "2023-12-13T01:21:05.635221Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "DATE_PUBLIC": "2017-11-15T00:00:00",
        "ID": "CVE-2017-2726",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "P10 Plus,P10",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Eariler than VKY-AL00C00B123 verisons,Earlier than VTR-AL00C00B123 versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Huawei Technologies Co., Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Buffer Overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "97696",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97696"
          },
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:p10_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "vtr-al00c00b123",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:p10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "vky-al00c00b123",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2017-2726"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
            },
            {
              "name": "97696",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/97696"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.5,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-12-08T18:53Z",
      "publishedDate": "2017-11-22T19:29Z"
    }
  }
}

VAR-201711-0242

Vulnerability from variot - Updated: 2023-12-18 12:03

Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei's smartphone. A buffer overflow vulnerability exists in the Bastet of the HuaweiVicky-AL00A/Victoria-AL00A phone due to lack of parameter checking. Huawei Smart Phones are prone to multiple local buffer-overflow vulnerabilities because it fails to adequate boundary checks on user-supplied input. Local attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0242",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "p10 plus",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "huawei",
        "version": "vky-al00c00b123"
      },
      {
        "model": "p10",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "huawei",
        "version": "vtr-al00c00b123"
      },
      {
        "model": "vicky-al00a \u003cvicky-al00ac00b123",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "victoria-al00a \u003cvictoria-al00ac00b123",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "victoria-al00a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "0"
      },
      {
        "model": "vicky-al00a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "0"
      },
      {
        "model": "victoria-al00ac00b123",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "0"
      },
      {
        "model": "vicky-al00ac00b123",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04679"
      },
      {
        "db": "BID",
        "id": "97696"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010610"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2726"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:p10_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "vtr-al00c00b123",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:p10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "vky-al00c00b123",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2726"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ADLab of Venustech.",
    "sources": [
      {
        "db": "BID",
        "id": "97696"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-964"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-2726",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-2726",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-04679",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.5,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.4,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-2726",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-2726",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-04679",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-964",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-2726",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04679"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2726"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010610"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2726"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-964"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei\u0027s smartphone. A buffer overflow vulnerability exists in the Bastet of the HuaweiVicky-AL00A/Victoria-AL00A phone due to lack of parameter checking. Huawei Smart Phones are prone to multiple local buffer-overflow vulnerabilities because it fails to adequate boundary checks on user-supplied input. \nLocal attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2726"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010610"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-04679"
      },
      {
        "db": "BID",
        "id": "97696"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2726"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2726",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "97696",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010610",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-04679",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-964",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2726",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04679"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2726"
      },
      {
        "db": "BID",
        "id": "97696"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010610"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2726"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-964"
      }
    ]
  },
  "id": "VAR-201711-0242",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04679"
      }
    ],
    "trust": 1.2523158075
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04679"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:03:04.434000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20170405-01-smartphone",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
      },
      {
        "title": "There are multiple buffer overflow vulnerabilities (CNVD-2017-04679) patch for Huawei Mobile Bastet component.",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/92019"
      },
      {
        "title": "Huawei Vicky-AL00A  and Victoria-AL00A Bastet Fix for component buffer error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75151"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04679"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010610"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-964"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010610"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2726"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/97696"
      },
      {
        "trust": 1.7,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2726"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2726"
      },
      {
        "trust": 0.6,
        "url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-01-smartphone-cn"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-01-smartphone-en"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04679"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2726"
      },
      {
        "db": "BID",
        "id": "97696"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010610"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2726"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-964"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04679"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2726"
      },
      {
        "db": "BID",
        "id": "97696"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010610"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2726"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-964"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-04679"
      },
      {
        "date": "2017-11-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-2726"
      },
      {
        "date": "2017-04-05T00:00:00",
        "db": "BID",
        "id": "97696"
      },
      {
        "date": "2017-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010610"
      },
      {
        "date": "2017-11-22T19:29:01.583000",
        "db": "NVD",
        "id": "CVE-2017-2726"
      },
      {
        "date": "2017-04-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-964"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-04679"
      },
      {
        "date": "2017-12-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-2726"
      },
      {
        "date": "2017-04-18T00:07:00",
        "db": "BID",
        "id": "97696"
      },
      {
        "date": "2017-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010610"
      },
      {
        "date": "2017-12-08T18:53:14.687000",
        "db": "NVD",
        "id": "CVE-2017-2726"
      },
      {
        "date": "2017-12-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-964"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-964"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei P10 Plus and  P10 Buffer error vulnerability in smartphone software",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010610"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-964"
      }
    ],
    "trust": 0.6
  }
}

GHSA-MX2H-R3GC-8HQ9

Vulnerability from github – Published: 2022-05-17 00:17 – Updated: 2022-05-17 00:17

Details

Severity ?

8.4 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2726"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-22T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution.",
  "id": "GHSA-mx2h-r3gc-8hq9",
  "modified": "2022-05-17T00:17:09Z",
  "published": "2022-05-17T00:17:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2726"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97696"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-2726

Vulnerability from fkie_nvd - Published: 2017-11-22 19:29 - Updated: 2025-04-20 01:37

Severity ?

8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@huawei.com	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en	Vendor Advisory
psirt@huawei.com	http://www.securityfocus.com/bid/97696	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97696	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
huawei	p10_firmware	*
huawei	p10	-
huawei	p10_plus_firmware	*
huawei	p10_plus	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:p10_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E89DD90E-5048-4BC0-B8D0-672FCB3FF531",
              "versionEndExcluding": "vtr-al00c00b123",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:p10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE8B6F1-FD2D-489A-86CE-53945949D362",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C1E211E-D19F-468E-971D-DA5976FE8502",
              "versionEndExcluding": "vky-al00c00b123",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAD5BC83-41ED-4260-8883-4CA5898A4FAD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Bastet en smartphones P10 Plus y P10 con software VKY-AL00C00B123 y anteriores y VTR-AL00C00B123 y anteriores tiene una vulnerabilidad de desbordamiento de b\u00fafer. Un atacante con el privilegio root de un sistema Android podr\u00eda enga\u00f1ar a un usuario para que instale una APP maliciosa. La APP puede modificar datos concretos para provocar un desbordamiento de b\u00fafer en el siguiente reinicio del sistema, provocando el reinicio continuo del sistema o la ejecuci\u00f3n arbitraria de c\u00f3digo."
    }
  ],
  "id": "CVE-2017-2726",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-22T19:29:01.583",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
    },
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97696"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-04679

Vulnerability from cnvd - Published: 2017-04-19

Title

华为手机Bastet组件存在多个缓冲区溢出漏洞（CNVD-2017-04679）

Description

Huawei Vicky-AL00A/Victoria-AL00A是华为公司的智能手机。 Huawei Vicky-AL00A/Victoria-AL00A手机的Bastet中由于缺少参数检查而存在缓冲区溢出漏洞。已经获取安卓系统的root权限攻击者可以诱使用户安装恶意应用程序，应用程序可以通过修改特定数据，令系统在下次重新启动过程中发生缓冲区溢出，导致手机在启动阶段重启或任意代码执行。

Severity

高

Patch Name

华为手机Bastet组件存在多个缓冲区溢出漏洞（CNVD-2017-04679）的补丁

Patch Description

Formal description

华为已发布版本修复该漏洞。安全预警链接： http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-01-smartphone-cn

Reference

http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-01-smartphone-cn

Impacted products

Name
['Huawei Vicky-AL00A <Vicky-AL00AC00B123', 'Huawei Victoria-AL00A <Victoria-AL00AC00B123']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2726"
    }
  },
  "description": "Huawei Vicky-AL00A/Victoria-AL00A\u662f\u534e\u4e3a\u516c\u53f8\u7684\u667a\u80fd\u624b\u673a\u3002\r\n\r\nHuawei Vicky-AL00A/Victoria-AL00A\u624b\u673a\u7684Bastet\u4e2d\u7531\u4e8e\u7f3a\u5c11\u53c2\u6570\u68c0\u67e5\u800c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5df2\u7ecf\u83b7\u53d6\u5b89\u5353\u7cfb\u7edf\u7684root\u6743\u9650\u653b\u51fb\u8005\u53ef\u4ee5\u8bf1\u4f7f\u7528\u6237\u5b89\u88c5\u6076\u610f\u5e94\u7528\u7a0b\u5e8f\uff0c\u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539\u7279\u5b9a\u6570\u636e\uff0c\u4ee4\u7cfb\u7edf\u5728\u4e0b\u6b21\u91cd\u65b0\u542f\u52a8\u8fc7\u7a0b\u4e2d\u53d1\u751f\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u624b\u673a\u5728\u542f\u52a8\u9636\u6bb5\u91cd\u542f\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002",
  "discovererName": "\u5317\u4eac\u542f\u660e\u661f\u8fb0ADLab",
  "formalWay": "\u534e\u4e3a\u5df2\u53d1\u5e03\u7248\u672c\u4fee\u590d\u8be5\u6f0f\u6d1e\u3002\u5b89\u5168\u9884\u8b66\u94fe\u63a5\uff1a \r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-01-smartphone-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-04679",
  "openTime": "2017-04-19",
  "patchDescription": "Huawei Vicky-AL00A/Victoria-AL00A\u662f\u534e\u4e3a\u516c\u53f8\u7684\u667a\u80fd\u624b\u673a\u3002\r\n\r\nHuawei Vicky-AL00A/Victoria-AL00A\u624b\u673a\u7684Bastet\u4e2d\u7531\u4e8e\u7f3a\u5c11\u53c2\u6570\u68c0\u67e5\u800c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5df2\u7ecf\u83b7\u53d6\u5b89\u5353\u7cfb\u7edf\u7684root\u6743\u9650\u653b\u51fb\u8005\u53ef\u4ee5\u8bf1\u4f7f\u7528\u6237\u5b89\u88c5\u6076\u610f\u5e94\u7528\u7a0b\u5e8f\uff0c\u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539\u7279\u5b9a\u6570\u636e\uff0c\u4ee4\u7cfb\u7edf\u5728\u4e0b\u6b21\u91cd\u65b0\u542f\u52a8\u8fc7\u7a0b\u4e2d\u53d1\u751f\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u624b\u673a\u5728\u542f\u52a8\u9636\u6bb5\u91cd\u542f\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u534e\u4e3a\u624b\u673aBastet\u7ec4\u4ef6\u5b58\u5728\u591a\u4e2a\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2017-04679\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei Vicky-AL00A \u003cVicky-AL00AC00B123",
      "Huawei Victoria-AL00A \u003cVictoria-AL00AC00B123"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-01-smartphone-cn",
  "serverity": "\u9ad8",
  "submitTime": "2017-04-06",
  "title": "\u534e\u4e3a\u624b\u673aBastet\u7ec4\u4ef6\u5b58\u5728\u591a\u4e2a\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2017-04679\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-2726 (GCVE-0-2017-2726)

GSD-2017-2726

VAR-201711-0242

GHSA-MX2H-R3GC-8HQ9

FKIE_CVE-2017-2726

CNVD-2017-04679

Tags

Sightings

Nomenclature