ID
VAR-201802-0537
CVE
CVE-2017-15330
TITLE
Huawei Vulnerability related to double release in smartphone software
Trust: 0.8
DESCRIPTION
The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability. Successful exploitation may cause denial of service (DoS) attack. Huawei Smartphone software contains a double release vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A is a smartphone device from China's Huawei company. Flpdriver is a Flp driver used in it. The following versions are affected: Huawei Vicky-AL00A Vicky-AL00AC00B124D version, Vicky-AL00AC00B157D version, Vicky-AL00AC00B167 version
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | huawei | model: | vicky-al00a | scope: | eq | version: | vicky-al00ac00b124d | Trust: 2.4 |
| vendor: | huawei | model: | vicky-al00a | scope: | eq | version: | vicky-al00ac00b157d | Trust: 2.4 |
| vendor: | huawei | model: | vicky-al00a | scope: | eq | version: | vicky-al00ac00b167 | Trust: 2.4 |
| vendor: | huawei | model: | vicky-al00a vicky-al00ac00b157d | scope: | - | version: | - | Trust: 0.6 |
| vendor: | huawei | model: | vicky-al00a vicky-al00ac00b167 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | huawei | model: | vicky-al00a vicky-al00ac00b124d | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-415 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
lack of information
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | huawei-sa-20171206-01-smartphone | url: | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en | Trust: 0.8 |
| title: | HuaweiVicky-AL00AFlp Driver Memory Re-release Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/111417 | Trust: 0.6 |
| title: | Huawei Vicky-AL00A Flp Driver security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77225 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-15330 | Trust: 3.1 |
| db: | JVNDB | id: | JVNDB-2017-012597 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201712-687 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2017-37846 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-106142 | Trust: 0.1 |
REFERENCES
| url: | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en | Trust: 1.7 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15330 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-15330 | Trust: 0.8 |
| url: | http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171206-01-smartphone-cn | Trust: 0.6 |
CREDITS
Yonggang Guo of IceSword Lab, Qihoo 360 Technology Co. Ltd
Trust: 0.6
SOURCES
| db: | CNVD | id: | CNVD-2017-37846 |
| db: | VULHUB | id: | VHN-106142 |
| db: | JVNDB | id: | JVNDB-2017-012597 |
| db: | CNNVD | id: | CNNVD-201712-687 |
| db: | NVD | id: | CVE-2017-15330 |
LAST UPDATE DATE
2024-11-23T23:08:47.005000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-37846 | date: | 2017-12-22T00:00:00 |
| db: | VULHUB | id: | VHN-106142 | date: | 2018-03-07T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-012597 | date: | 2018-03-23T00:00:00 |
| db: | CNNVD | id: | CNNVD-201712-687 | date: | 2017-12-21T00:00:00 |
| db: | NVD | id: | CVE-2017-15330 | date: | 2024-11-21T03:14:28.633 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-37846 | date: | 2017-12-22T00:00:00 |
| db: | VULHUB | id: | VHN-106142 | date: | 2018-02-15T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-012597 | date: | 2018-03-23T00:00:00 |
| db: | CNNVD | id: | CNNVD-201712-687 | date: | 2017-12-21T00:00:00 |
| db: | NVD | id: | CVE-2017-15330 | date: | 2018-02-15T16:29:00.283 |