CVE-2017-2717
MEDIUMHuawei Honor 8 Pro Firmware Integer Overflow via Response Message Length Field
Title source: llmDescription
honor 8 Pro with software Duke-L09C10B120 and earlier versions,Duke-L09C432B120 and earlier versions,Duke-L09C636B120 and earlier versions has an integer overflow vulnerability. The attacker sends a response message to the device, which contains an illegal length field, it could produce an integer overflow and restart the modem system.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-01-nas-en
Scores
CVSS v3
6.5
EPSS
0.0005
EPSS Percentile
15.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-190
Status
published
Products (2)
huawei/honor_8_pro_firmware
< duke-l09c10b120
Huawei Technologies Co., Ltd./honor 8 Pro
Duke-L09C10B120 and earlier versions,Duke-L09C432B120 and earlier versions,Duke-L09C636B120 and earl
Published
Nov 22, 2017
Tracked Since
Feb 18, 2026