Vulnerability-Lookup

CVE-2017-17328 (GCVE-0-2017-17328)

Vulnerability from cvelistv5 – Published: 2018-03-09 17:00 – Updated: 2024-08-05 20:51

Summary

Severity ?

No CVSS data available.

CWE

integer overflow

Assigner

huawei

References

URL

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	MHA-AL00A	Affected: MHA-AL00AC00B125

FKIE_CVE-2017-17328

Vulnerability from fkie_nvd - Published: 2018-03-09 17:29 - Updated: 2024-11-21 03:17

Severity ?

5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	psirt@huawei.com	http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-en	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-en	Vendor Advisory

Impacted products

	Vendor	Product	Version
	huawei	mha-al00a_firmware	mha-al00ac00b125
	huawei	mha-al00a	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:mha-al00a_firmware:mha-al00ac00b125:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6E9E44-6FFA-481E-8CDE-E8F13A7D6D37",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:mha-al00a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "987F6D9F-B6FB-4A78-A4A1-9B37424D73A8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Huawei smartphones with software of MHA-AL00AC00B125 have an integer overflow vulnerability. The software does not process certain variable properly when handle certain process. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause information disclosure."
    },
    {
      "lang": "es",
      "value": "Los smartphones Huawei con software MHA-AL00AC00B125 tienen una vulnerabilidad de desbordamiento de enteros. El software no procesa ciertas variables correctamente cuando gestiona cierto proceso. Un atacante enga\u00f1a al usuario con privilegios root para que instale una aplicaci\u00f3n maliciosa, por lo que la explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar una divulgaci\u00f3n de informaci\u00f3n."
    }
  ],
  "id": "CVE-2017-17328",
  "lastModified": "2024-11-21T03:17:50.790",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-09T17:29:02.220",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2017-17328

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-17328

Aliases

CVE-2017-17328

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-17328",
    "description": "Huawei smartphones with software of MHA-AL00AC00B125 have an integer overflow vulnerability. The software does not process certain variable properly when handle certain process. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause information disclosure.",
    "id": "GSD-2017-17328"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-17328"
      ],
      "details": "Huawei smartphones with software of MHA-AL00AC00B125 have an integer overflow vulnerability. The software does not process certain variable properly when handle certain process. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause information disclosure.",
      "id": "GSD-2017-17328",
      "modified": "2023-12-13T01:21:04.990555Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2017-17328",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MHA-AL00A",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "MHA-AL00AC00B125"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Huawei Technologies Co., Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Huawei smartphones with software of MHA-AL00AC00B125 have an integer overflow vulnerability. The software does not process certain variable properly when handle certain process. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause information disclosure."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "integer overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:mha-al00a_firmware:mha-al00ac00b125:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:mha-al00a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2017-17328"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Huawei smartphones with software of MHA-AL00AC00B125 have an integer overflow vulnerability. The software does not process certain variable properly when handle certain process. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-en"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2018-03-29T13:54Z",
      "publishedDate": "2018-03-09T17:29Z"
    }
  }
}

GHSA-WJPH-8G36-MCQV

Vulnerability from github – Published: 2022-05-14 03:34 – Updated: 2022-05-14 03:34

Details

Severity ?

5.5 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-17328"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-09T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "Huawei smartphones with software of MHA-AL00AC00B125 have an integer overflow vulnerability. The software does not process certain variable properly when handle certain process. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause information disclosure.",
  "id": "GHSA-wjph-8g36-mcqv",
  "modified": "2022-05-14T03:34:14Z",
  "published": "2022-05-14T03:34:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17328"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-38097

Vulnerability from cnvd - Published: 2017-12-26

Title

Huawei MHA-AL00A整数溢出漏洞

Description

Huawei MHA-AL00A是中国华为（Huawei）公司的一款智能手机产品。 Huawei MHA-AL00A MHA-AL00AC00B125版本中存在整数溢出漏洞，该漏洞源于在处理进程时程序未能正确的处理某个变量。攻击者可通过诱使用户安装特制的应用程序利用该漏洞泄露信息。

Severity

低

Patch Name

Huawei MHA-AL00A整数溢出漏洞的补丁

Patch Description

Huawei MHA-AL00A是中国华为（Huawei）公司的一款智能手机产品。 Huawei MHA-AL00A MHA-AL00AC00B125版本中存在整数溢出漏洞，该漏洞源于在处理进程时程序未能正确的处理某个变量。攻击者可通过诱使用户安装特制的应用程序利用该漏洞泄露信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-cn

Reference

http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-cn

Impacted products

Name
Huawei MHA-AL00A MHA-AL00AC00B125

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-17328"
    }
  },
  "description": "Huawei MHA-AL00A\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u4ea7\u54c1\u3002\r\n\r\nHuawei MHA-AL00A MHA-AL00AC00B125\u7248\u672c\u4e2d\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u5904\u7406\u8fdb\u7a0b\u65f6\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u67d0\u4e2a\u53d8\u91cf\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u5b89\u88c5\u7279\u5236\u7684\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u4fe1\u606f\u3002",
  "discovererName": "\u767e\u5ea6\u5b89\u5168\u5b9e\u9a8c\u5ba4\uff08Baidu X-Lab\uff09\u7684\u4f55\u579a",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-38097",
  "openTime": "2017-12-26",
  "patchDescription": "Huawei MHA-AL00A\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u4ea7\u54c1\u3002\r\n\r\nHuawei MHA-AL00A MHA-AL00AC00B125\u7248\u672c\u4e2d\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u5904\u7406\u8fdb\u7a0b\u65f6\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u67d0\u4e2a\u53d8\u91cf\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u5b89\u88c5\u7279\u5236\u7684\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei MHA-AL00A\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Huawei MHA-AL00A MHA-AL00AC00B125"
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-cn",
  "serverity": "\u4f4e",
  "submitTime": "2017-12-21",
  "title": "Huawei MHA-AL00A\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e"
}

VAR-201803-0206

Vulnerability from variot - Updated: 2024-11-23 22:17

Huawei smartphones with software of MHA-AL00AC00B125 have an integer overflow vulnerability. The software does not process certain variable properly when handle certain process. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause information disclosure. HuaweiMHA-AL00A is a smartphone product from China's Huawei company. An integer overflow vulnerability exists in the HuaweiMHA-AL00AMHA-AL00AC00B125 version, which stems from a program not processing a variable correctly while processing a process. Huawei Smart Phones are prone to an integer-overflow vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Due to the nature of this issue, code execution may be possible but this has not been confirmed

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-0206",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mha-al00a",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "mha-al00ac00b125"
      },
      {
        "model": "mha-al00a mha-al00ac00b125",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "mha-al00a",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "mha-al00a mha-al00bc00b231",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38097"
      },
      {
        "db": "BID",
        "id": "103419"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012887"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-878"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17328"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:huawei:mha-al00a_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012887"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "He Yao of Baidu X-Lab",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-878"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2017-17328",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-17328",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-38097",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-108339",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2017-17328",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-17328",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-17328",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-38097",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-878",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-108339",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38097"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108339"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012887"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-878"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17328"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei smartphones with software of MHA-AL00AC00B125 have an integer overflow vulnerability. The software does not process certain variable properly when handle certain process. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause information disclosure. HuaweiMHA-AL00A is a smartphone product from China\u0027s Huawei company. An integer overflow vulnerability exists in the HuaweiMHA-AL00AMHA-AL00AC00B125 version, which stems from a program not processing a variable correctly while processing a process. Huawei Smart Phones are prone to an integer-overflow vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. Due to the nature of this issue, code execution may be possible but this has not been confirmed",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17328"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012887"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-38097"
      },
      {
        "db": "BID",
        "id": "103419"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108339"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-17328",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012887",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-878",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-38097",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "39155",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "103419",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-108339",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38097"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108339"
      },
      {
        "db": "BID",
        "id": "103419"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012887"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-878"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17328"
      }
    ]
  },
  "id": "VAR-201803-0206",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38097"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108339"
      }
    ],
    "trust": 1.31764705
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38097"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:17:38.569000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Advisory - Integer Overflow Vulnerability on Smartphones",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-en"
      },
      {
        "title": "HuaweiMHA-AL00A Patch for Integer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/111709"
      },
      {
        "title": "Huawei MHA-AL00A Fixes for digital error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77327"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38097"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012887"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-878"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-190",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108339"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012887"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17328"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.4,
        "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-en"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17328"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17328"
      },
      {
        "trust": 0.6,
        "url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-cn"
      },
      {
        "trust": 0.6,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-smartphone-en"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/39155"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38097"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108339"
      },
      {
        "db": "BID",
        "id": "103419"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012887"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-878"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17328"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38097"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108339"
      },
      {
        "db": "BID",
        "id": "103419"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012887"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-878"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17328"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-38097"
      },
      {
        "date": "2018-03-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108339"
      },
      {
        "date": "2017-12-20T00:00:00",
        "db": "BID",
        "id": "103419"
      },
      {
        "date": "2018-04-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012887"
      },
      {
        "date": "2017-12-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-878"
      },
      {
        "date": "2018-03-09T17:29:02.220000",
        "db": "NVD",
        "id": "CVE-2017-17328"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-38097"
      },
      {
        "date": "2018-03-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108339"
      },
      {
        "date": "2017-12-20T00:00:00",
        "db": "BID",
        "id": "103419"
      },
      {
        "date": "2018-04-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012887"
      },
      {
        "date": "2017-12-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-878"
      },
      {
        "date": "2024-11-21T03:17:50.790000",
        "db": "NVD",
        "id": "CVE-2017-17328"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-878"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei Integer overflow vulnerability in smartphone software",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012887"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-878"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-17328 (GCVE-0-2017-17328)

FKIE_CVE-2017-17328

GSD-2017-17328

GHSA-WJPH-8G36-MCQV

CNVD-2017-38097

VAR-201803-0206

Tags

Sightings

Nomenclature