CVE-2016-8783

EPSS 0.06%
Veröffentlicht 09.03.2018 21:29:00
Zuletzt bearbeitet 21.11.2024 03:00:04
Quelle psirt@huawei.com
Teams Watchlist Login
Unerledigt Login

Touchscreen drive in Huawei H60 (Honor 6) Versions earlier than H60-L02_6.12.16 and P9 Plus Versions earlier than VIE-AL10BC00B356 has a stack overflow vulnerabilities. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to touchscreen drive to crash the system or escalate privilege.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Huawei ≫ Honor 6 Firmware Version < h60-l02_6.12.16

Huawei ≫ Honor 6 Version-

Huawei ≫ P9 Plus Firmware Version < vie-al10bc00b356

Huawei ≫ P9 Plus Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.15

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161215-01-smartphone-en

Vendor Advisory

http://www.securityfocus.com/bid/94944

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-8783

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-8783

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-8783

EUVD