CVE-2017-17302

LOW

Huawei - Memory Corruption

Title source: llm

Description

Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. An authenticated, local attacker may craft and load some specific Certificate Revocation List(CRL) configuration files to the devices repeatedly. Due to not release allocated memory properly, successful exploit may result in memory leak and services abnormal.

References (1)

[Vendor Advisory] http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-memory-en

Scores

CVSS v3 3.3

EPSS 0.0001

EPSS Percentile 2.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Details

CWE

CWE-772

Status published

Products (12)

huawei/dp300_firmware v500r002c00

huawei/rp200_firmware v600r006c00

huawei/te30_firmware v100r001c10

huawei/te30_firmware v500r002c00

huawei/te30_firmware v600r006c00

huawei/te40_firmware v500r002c00

huawei/te40_firmware v600r006c00

huawei/te50_firmware v500r002c00

huawei/te50_firmware v600r006c00

huawei/te60_firmware v100r001c10

... and 2 more

Published Feb 15, 2018

Tracked Since Feb 18, 2026