{"api_version":"1","generated_at":"2026-04-23T09:38:22+00:00","cve":"CVE-2020-9257","urls":{"html":"https://cve.report/CVE-2020-9257","api":"https://cve.report/api/cve/CVE-2020-9257.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-9257","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-9257"},"summary":{"title":"CVE-2020-9257","description":"HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer overflow vulnerability. The software access data past the end, or before the beginning, of the intended buffer when handling certain operations of certificate, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution.","state":"PUBLIC","assigner":"psirt@huawei.com","published_at":"2020-07-17 23:15:00","updated_at":"2020-07-22 19:44:00"},"problem_types":["CWE-120"],"metrics":[],"references":[{"url":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-smartphone-en","name":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-smartphone-en","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Security Advisory - Buffer Overflow Vulnerability in Several Smartphones","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-9257","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9257","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"9257","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"p30_pro","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9257","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"p30_pro","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9257","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"p30_pro_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9257","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"p30_pro_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-9257","ASSIGNER":"psirt@huawei.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Huawei","product":{"product_data":[{"product_name":"HUAWEI P30 Pro","version":{"version_data":[{"version_value":"Versions earlier than 10.1.0.123(C432E19R2P5patch02)"},{"version_value":"Versions earlier than 10.1.0.126(C10E11R5P1)"},{"version_value":"Versions earlier than 10.1.0.160(C00E160R2P8)"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Buffer Overflow"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-smartphone-en","url":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-smartphone-en"}]},"description":{"description_data":[{"lang":"eng","value":"HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer overflow vulnerability. The software access data past the end, or before the beginning, of the intended buffer when handling certain operations of certificate, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution."}]}},"nvd":{"publishedDate":"2020-07-17 23:15:00","lastModifiedDate":"2020-07-22 19:44:00","problem_types":["CWE-120"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1.0.123\\(c432e19r2p5patch02\\)","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1.0.126\\(c10e11r5p1\\)","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1.0.160\\(c00e160r2p8\\)","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"9257","Ordinal":"169634","Title":"CVE-2020-9257","CVE":"CVE-2020-9257","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"9257","Ordinal":"1","NoteData":"HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer overflow vulnerability. The software access data past the end, or before the beginning, of the intended buffer when handling certain operations of certificate, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"9257","Ordinal":"2","NoteData":"2020-07-17","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"9257","Ordinal":"3","NoteData":"2020-07-17","Type":"Other","Title":"Modified"}]}}}