CVE-2020-9117
Summary
| CVE | CVE-2020-9117 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-01 01:15:00 UTC |
| Updated | 2020-12-04 17:28:00 UTC |
| Description | HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the information leakage or arbitrary code execution. |
Risk And Classification
Problem Types: CWE-125 | CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Huawei | Nova 4 | - | All | All | All |
| Hardware | Huawei | Nova 4 | - | All | All | All |
| Operating System | Huawei | Nova 4 Firmware | All | All | All | All |
| Operating System | Huawei | Nova 4 Firmware | All | All | All | All |
| Hardware | Huawei | Sydneym-al00 | - | All | All | All |
| Hardware | Huawei | Sydneym-al00 | - | All | All | All |
| Operating System | Huawei | Sydneym-al00 Firmware | All | All | All | All |
| Operating System | Huawei | Sydneym-al00 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Smartphones | MISC | www.huawei.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.