CVE-2017-15314

EPSS 0.02%
Published 09.03.2018 21:29:00
Last modified 21.11.2024 03:14:26
Source psirt@huawei.com
Teams watchlist Login
Open Login

Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE40 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE50 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability due to memory don't be released when the XML parser process some node fail. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ Dp300 Firmware Versionv500r002c00

Huawei ≫ Dp300 Version-

Huawei ≫ Rp200 Firmware Versionv500r002c00spc200

Huawei ≫ Rp200 Version-

Huawei ≫ Rp200 Firmware Versionv600r006c00

Huawei ≫ Rp200 Version-

Huawei ≫ Te30 Firmware Versionv100r001c10spc300

Huawei ≫ Te30 Version-

Huawei ≫ Te30 Firmware Versionv100r001c10spc500

Huawei ≫ Te30 Version-

Huawei ≫ Te30 Firmware Versionv100r001c10spc600

Huawei ≫ Te30 Version-

Huawei ≫ Te30 Firmware Versionv100r001c10spc700

Huawei ≫ Te30 Version-

Huawei ≫ Te30 Firmware Versionv500r002c00spc200

Huawei ≫ Te30 Version-

Huawei ≫ Te30 Firmware Versionv500r002c00spc500

Huawei ≫ Te30 Version-

Huawei ≫ Te30 Firmware Versionv500r002c00spc600

Huawei ≫ Te30 Version-

Huawei ≫ Te30 Firmware Versionv500r002c00spc700

Huawei ≫ Te30 Version-

Huawei ≫ Te30 Firmware Versionv500r002c00spc900

Huawei ≫ Te30 Version-

Huawei ≫ Te30 Firmware Versionv500r002c00spcb00

Huawei ≫ Te30 Version-

Huawei ≫ Te30 Firmware Versionv600r006c00

Huawei ≫ Te30 Version-

Huawei ≫ Te40 Firmware Versionv500r002c00spc600

Huawei ≫ Te40 Version-

Huawei ≫ Te40 Firmware Versionv500r002c00spc700

Huawei ≫ Te40 Version-

Huawei ≫ Te40 Firmware Versionv500r002c00spc900

Huawei ≫ Te40 Version-

Huawei ≫ Te40 Firmware Versionv500r002c00spcb00

Huawei ≫ Te40 Version-

Huawei ≫ Te40 Firmware Versionv600r006c00

Huawei ≫ Te40 Version-

Huawei ≫ Te50 Firmware Versionv500r002c00spc600

Huawei ≫ Te50 Version-

Huawei ≫ Te50 Firmware Versionv500r002c00spc700

Huawei ≫ Te50 Version-

Huawei ≫ Te50 Firmware Versionv500r002c00spcb00

Huawei ≫ Te50 Version-

Huawei ≫ Te50 Firmware Versionv600r006c00

Huawei ≫ Te50 Version-

Huawei ≫ Te60 Firmware Versionv100r001c10

Huawei ≫ Te60 Version-

Huawei ≫ Te60 Firmware Versionv500r002c00

Huawei ≫ Te60 Version-

Huawei ≫ Te60 Firmware Versionv600r006c00

Huawei ≫ Te60 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.036

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-xml-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-15314

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-15314

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-15314

EUVD