Security Advisory - Several Vulnerabilities in H323 protocol of Huawei Products

There are two out-of-bounds read vulnerabilities in H323 protocol of Huawei products. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot. (Vulnerability ID: HWPSIRT-2017-04136 and HWPSIRT-2017-04224)

These vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) IDs: CVE-2017-8199 and CVE-2017-8200.

There is a memory leak vulnerability in H323 protocol of Huawei products. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2017-04225)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8201.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-h323-en