github - ghsa-fwj9-5x88-wxr5

GHSA-FWJ9-5X88-WXR5

Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37

Details

There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-9094"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-29T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service.",
  "id": "GHSA-fwj9-5x88-wxr5",
  "modified": "2022-05-24T17:37:31Z",
  "published": "2022-05-24T17:37:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9094"
    },
    {
      "type": "WEB",
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-obr-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2020-9094 (GCVE-0-2020-9094)

Vulnerability from cvelistv5 – Published: 2020-12-29 17:28 – Updated: 2024-08-04 10:19

Summary

Severity ?

No CVSS data available.

CWE

Out of Bound Read

Assigner

huawei

References

URL

Tags

https://www.huawei.com/en/psirt/security-advisori…

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Huawei

CloudEngine 12800

Affected: V200R019C00SPC800

Huawei	CloudEngine 5800	Affected: V200R019C00SPC800
Huawei	CloudEngine 6800	Affected: V200R005C20SPC800 Affected: V200R019C00SPC800
Huawei	CloudEngine 7800	Affected: V200R019C00SPC800

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:19:19.790Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-obr-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CloudEngine 12800",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "V200R019C00SPC800"
            }
          ]
        },
        {
          "product": "CloudEngine 5800",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "V200R019C00SPC800"
            }
          ]
        },
        {
          "product": "CloudEngine 6800",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "V200R005C20SPC800"
            },
            {
              "status": "affected",
              "version": "V200R019C00SPC800"
            }
          ]
        },
        {
          "product": "CloudEngine 7800",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "V200R019C00SPC800"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out of Bound Read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-29T17:28:53",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-obr-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2020-9094",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CloudEngine 12800",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V200R019C00SPC800"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CloudEngine 5800",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V200R019C00SPC800"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CloudEngine 6800",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V200R005C20SPC800"
                          },
                          {
                            "version_value": "V200R019C00SPC800"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CloudEngine 7800",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V200R019C00SPC800"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out of Bound Read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-obr-en",
              "refsource": "CONFIRM",
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-obr-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2020-9094",
    "datePublished": "2020-12-29T17:28:53",
    "dateReserved": "2020-02-18T00:00:00",
    "dateUpdated": "2024-08-04T10:19:19.790Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-FWJ9-5X88-WXR5

CVE-2020-9094 (GCVE-0-2020-9094)

Tags

Sightings

Nomenclature