ID
VAR-201802-0528
CVE
CVE-2017-15347
TITLE
Huawei Mate 9 Pro Smartphone vulnerable to using freed memory
Trust: 0.8
sources:
JVNDB: JVNDB-2017-012456
DESCRIPTION
Huawei Mate 9 Pro mobile phones with software of versions earlier than LON-AL00BC00B235 have a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can riggers access memory after free it. A local attacker may exploit this vulnerability to cause the mobile phone to crash. HuaweiMate9Pro is a smartphone product from China's Huawei company. HuaweiMate9Pro has a memory corruption vulnerability. Huawei Mate 9 Pro is China's Huawei ( Huawei ) company's smartphone
Trust: 2.25
sources:
NVD: CVE-2017-15347 //
JVNDB: JVNDB-2017-012456 //
CNVD: CNVD-2017-35595 //
VULHUB: VHN-106160
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2017-35595
AFFECTED PRODUCTS
| vendor: | huawei | model: | mate 9 pro | scope: | eq | version: | lon-al00bc00b235 | Trust: 1.6 |
| vendor: | huawei | model: | mate 9 pro | scope: | lte | version: | lon-al00bc00b235 | Trust: 0.8 |
| vendor: | huawei | model: | mate pro <lon-al00bc00b235 | scope: | eq | version: | 9 | Trust: 0.6 |
sources:
CNVD: CNVD-2017-35595 //
JVNDB: JVNDB-2017-012456 //
CNNVD: CNNVD-201711-1152 //
NVD: CVE-2017-15347
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2017-35595 //
VULHUB: VHN-106160 //
JVNDB: JVNDB-2017-012456 //
CNNVD: CNNVD-201711-1152 //
NVD: CVE-2017-15347
PROBLEMTYPE DATA
| problemtype: | CWE-416 | Trust: 1.9 |
sources:
VULHUB: VHN-106160 //
JVNDB: JVNDB-2017-012456 //
NVD: CVE-2017-15347
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201711-1152
TYPE
lack of information
Trust: 0.6
sources:
CNNVD: CNNVD-201711-1152
CONFIGURATIONS
sources:
JVNDB: JVNDB-2017-012456
PATCH
| title: | huawei-sa-20171129-01-phone | url: | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-phone-en | Trust: 0.8 |
| title: | HuaweiMate9Pro Memory Corruption Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/107413 | Trust: 0.6 |
| title: | Huawei Mate 9 Pro Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76807 | Trust: 0.6 |
sources:
CNVD: CNVD-2017-35595 //
JVNDB: JVNDB-2017-012456 //
CNNVD: CNNVD-201711-1152
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-15347 | Trust: 3.1 |
| db: | JVNDB | id: | JVNDB-2017-012456 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201711-1152 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2017-35595 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-106160 | Trust: 0.1 |
sources:
CNVD: CNVD-2017-35595 //
VULHUB: VHN-106160 //
JVNDB: JVNDB-2017-012456 //
CNNVD: CNNVD-201711-1152 //
NVD: CVE-2017-15347
REFERENCES
| url: | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-phone-en | Trust: 1.7 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15347 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-15347 | Trust: 0.8 |
| url: | http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171129-01-phone-cn | Trust: 0.6 |
sources:
CNVD: CNVD-2017-35595 //
VULHUB: VHN-106160 //
JVNDB: JVNDB-2017-012456 //
CNNVD: CNNVD-201711-1152 //
NVD: CVE-2017-15347
CREDITS
Huawei internal tester
Trust: 0.6
sources:
CNNVD: CNNVD-201711-1152
SOURCES
| db: | CNVD | id: | CNVD-2017-35595 |
| db: | VULHUB | id: | VHN-106160 |
| db: | JVNDB | id: | JVNDB-2017-012456 |
| db: | CNNVD | id: | CNNVD-201711-1152 |
| db: | NVD | id: | CVE-2017-15347 |
LAST UPDATE DATE
2024-11-23T23:02:13.020000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-35595 | date: | 2017-11-30T00:00:00 |
| db: | VULHUB | id: | VHN-106160 | date: | 2018-02-26T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-012456 | date: | 2018-03-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201711-1152 | date: | 2017-11-30T00:00:00 |
| db: | NVD | id: | CVE-2017-15347 | date: | 2024-11-21T03:14:30.883 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-35595 | date: | 2017-11-30T00:00:00 |
| db: | VULHUB | id: | VHN-106160 | date: | 2018-02-15T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-012456 | date: | 2018-03-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201711-1152 | date: | 2017-11-30T00:00:00 |
| db: | NVD | id: | CVE-2017-15347 | date: | 2018-02-15T16:29:01.097 |