{"api_version":"1","generated_at":"2026-04-23T13:48:07+00:00","cve":"CVE-2017-17320","urls":{"html":"https://cve.report/CVE-2017-17320","api":"https://cve.report/api/cve/CVE-2017-17320.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-17320","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-17320"},"summary":{"title":"CVE-2017-17320","description":"Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution.","state":"PUBLIC","assigner":"psirt@huawei.com","published_at":"2018-03-20 15:29:00","updated_at":"2018-04-13 16:31:00"},"problem_types":["CWE-415"],"metrics":[],"references":[{"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-02-smartphone-en","name":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-02-smartphone-en","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Security Advisory - Memory Double Free Vulnerability on Huawei Smartphones","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-17320","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17320","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"17320","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"mate_9_pro","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"17320","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"mate_9_pro","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"17320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"mate_9_pro_firmware","cpe6":"lon-al00bc00b139d","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"17320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"mate_9_pro_firmware","cpe6":"lon-al00bc00b229","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"17320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"mate_9_pro_firmware","cpe6":"lon-l29dc721b188","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"17320","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"mate_9_pro_firmware","cpe6":"lon-al00bc00b139d","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"17320","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"mate_9_pro_firmware","cpe6":"lon-al00bc00b229","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"17320","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"mate_9_pro_firmware","cpe6":"lon-l29dc721b188","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@huawei.com","ID":"CVE-2017-17320","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Mate 9 Pro","version":{"version_data":[{"version_value":"LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188"}]}}]},"vendor_name":"Huawei Technologies Co., Ltd."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"memory double free"}]}]},"references":{"reference_data":[{"name":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-02-smartphone-en","refsource":"CONFIRM","url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-02-smartphone-en"}]}},"nvd":{"publishedDate":"2018-03-20 15:29:00","lastModifiedDate":"2018-04-13 16:31:00","problem_types":["CWE-415"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:mate_9_pro_firmware:lon-al00bc00b139d:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:mate_9_pro_firmware:lon-al00bc00b229:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:mate_9_pro_firmware:lon-l29dc721b188:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"17320","Ordinal":"116211","Title":"CVE-2017-17320","CVE":"CVE-2017-17320","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"17320","Ordinal":"1","NoteData":"Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"17320","Ordinal":"2","NoteData":"2018-03-20","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"17320","Ordinal":"3","NoteData":"2018-03-20","Type":"Other","Title":"Modified"}]}}}