Huawei TechnologiesHUAWEI-SA-20180103-01-CRYPTOSecurity Advisory - Two Vulnerabilities in CRYPTO module of Several Huawei Products
There is a buffer overflow vulnerability in the CRYPTO module of several Huawei products. An unauthenticated, local attacker could craft malformed file with a specific field that the length is longer than the maximum value. Due to insufficient validation of the inputs, successful exploit could cause the system reboot. (Vulnerability ID: HWPSIRT-2017-07009)
There is a null pointer dereference vulnerability in the CRYPTO module of several Huawei products. An unauthenticated, local attacker could craft malformed file with a specific field that the value is a null pointer. Due to insufficient verification of the inputs, successful exploit could cause the system reboot. (Vulnerability ID: HWPSIRT-2017-07010)
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180103-01-crypto-en
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| dp300 | eq | V500R002C00 | |
| rp200 | eq | V500R002C00 | |
| rp200 | eq | V600R006C00 | |
| te30 | eq | V100R001C02 | |
| te30 | eq | V100R001C10 | |
| te30 | eq | V500R002C00 | |
| te30 | eq | V600R006C00 | |
| te40 | eq | V500R002C00 | |
| te40 | eq | V600R006C00 | |
| te50 | eq | V500R002C00 |