CVE-2017-17324: Integer Overflow
First published: Fri Mar 09 2018(Updated: )
Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks the user to install a crafted application, successful exploit could cause malicious code execution.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Mate 9 Pro Firmware | =lon-al00bc00b139d | |
| Huawei Mate 9 Pro Firmware | =lon-al00bc00b229 | |
| Huawei Mate 9 Pro |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-17324?
CVE-2017-17324 is an integer overflow vulnerability in Huawei Mate 9 Pro smartphones.
How does CVE-2017-17324 affect Huawei Mate 9 Pro smartphones?
CVE-2017-17324 allows an attacker to cause a buffer overflow by tricking the camera driver into processing external input parameters, resulting in a buffer overflow.
Which versions of Huawei Mate 9 Pro are affected by CVE-2017-17324?
Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D and LON-AL00BC00B229 are affected by CVE-2017-17324.
What is the severity of CVE-2017-17324?
The severity of CVE-2017-17324 is rated as high with a CVSS score of 7.8.
How can I fix CVE-2017-17324?
To fix CVE-2017-17324, update your Huawei Mate 9 Pro firmware to a version that addresses the vulnerability.
- collector/nvd-index
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/tags
- vendor/huawei
- canonical/huawei mate 9 pro firmware
- version/huawei mate 9 pro firmware/lon-al00bc00b139d
- version/huawei mate 9 pro firmware/lon-al00bc00b229
- canonical/huawei mate 9 pro