Security Advisory - DoS Vulnerability in TLS of Some Huawei Products

2017-07-05T00:00:00
ID HUAWEI-SA-20170705-01-TLS
Type huawei
Reporter Huawei Technologies
Modified 2017-07-05T00:00:00

Description

There is a input validation vulnerability in some huawei products when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module. (Vulnerability ID: HWPSIRT-2017-03121) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8213. Huawei has released software updates to fix this vulnerability. This advisory is available at the following link: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170705-01-tls-en