CVE-2017-17324

{"id": "CVE-2017-17324", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-03-09T17:29:02.047", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-01-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks the user to install a crafted application, successful exploit could cause malicious code execution."}, {"lang": "es", "value": "Los smartphones Huawei Mate 9 Pro con software LON-AL00BC00B139D y LON-AL00BC00B229 tienen una vulnerabilidad de desbordamiento de enteros. El controlador de la c\u00e1mara no valida los par\u00e1metros de entradas externas y provoca un desbordamiento de enteros, que tras el posprocesado resulta en un desbordamiento de b\u00fafer. Un atacante enga\u00f1a al usuario para que instale una aplicaci\u00f3n maliciosa, por lo que la explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo malicioso."}], "lastModified": "2018-03-29T13:49:09.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_9_pro_firmware:lon-al00bc00b139d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24B7E8D3-3C62-48C4-B0C8-F8039B38C87C"}, {"criteria": "cpe:2.3:o:huawei:mate_9_pro_firmware:lon-al00bc00b229:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6E6F318-3844-4A3A-8CCE-BC015974C3B6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E4CC4AF8-2F6D-41FC-9697-17472AF32FC6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}