Lucene search

[email protected]NVD:CVE-2017-15314

HistoryMar 09, 2018 - 9:29 p.m.

CVE-2017-15314

2018-03-0921:29:00

CWE-772

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

12.6%

JSON

Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE40 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE50 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability due to memory don’t be released when the XML parser process some node fail. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.

Affected configurations

Nvd

Node

huaweidp300_firmwareMatchv500r002c00

AND

huaweidp300Match-

Node

huaweirp200_firmwareMatchv500r002c00spc200

huaweirp200_firmwareMatchv600r006c00

AND

huaweirp200Match-

Node

huaweite30_firmwareMatchv100r001c10spc300

huaweite30_firmwareMatchv100r001c10spc500

huaweite30_firmwareMatchv100r001c10spc600

huaweite30_firmwareMatchv100r001c10spc700

huaweite30_firmwareMatchv500r002c00spc200

huaweite30_firmwareMatchv500r002c00spc500

huaweite30_firmwareMatchv500r002c00spc600

huaweite30_firmwareMatchv500r002c00spc700

huaweite30_firmwareMatchv500r002c00spc900

huaweite30_firmwareMatchv500r002c00spcb00

huaweite30_firmwareMatchv600r006c00

AND

huaweite30Match-

Node

huaweite40_firmwareMatchv500r002c00spc600

huaweite40_firmwareMatchv500r002c00spc700

huaweite40_firmwareMatchv500r002c00spc900

huaweite40_firmwareMatchv500r002c00spcb00

huaweite40_firmwareMatchv600r006c00

AND

huaweite40Match-

Node

huaweite50_firmwareMatchv500r002c00spc600

huaweite50_firmwareMatchv500r002c00spc700

huaweite50_firmwareMatchv500r002c00spcb00

huaweite50_firmwareMatchv600r006c00

AND

huaweite50Match-

Node

huaweite60_firmwareMatchv100r001c10

huaweite60_firmwareMatchv500r002c00

huaweite60_firmwareMatchv600r006c00

AND

huaweite60Match-

VendorProductVersionCPE
huaweidp300_firmwarev500r002c00cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*
huaweidp300-cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*
huaweirp200_firmwarev500r002c00spc200cpe:2.3:o:huawei:rp200_firmware:v500r002c00spc200:*:*:*:*:*:*:*
huaweirp200_firmwarev600r006c00cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*
huaweirp200-cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*
huaweite30_firmwarev100r001c10spc300cpe:2.3:o:huawei:te30_firmware:v100r001c10spc300:*:*:*:*:*:*:*
huaweite30_firmwarev100r001c10spc500cpe:2.3:o:huawei:te30_firmware:v100r001c10spc500:*:*:*:*:*:*:*
huaweite30_firmwarev100r001c10spc600cpe:2.3:o:huawei:te30_firmware:v100r001c10spc600:*:*:*:*:*:*:*
huaweite30_firmwarev100r001c10spc700cpe:2.3:o:huawei:te30_firmware:v100r001c10spc700:*:*:*:*:*:*:*
huaweite30_firmwarev500r002c00spc200cpe:2.3:o:huawei:te30_firmware:v500r002c00spc200:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	dp300_firmware	v500r002c00	cpe:2.3:o:huawei:dp300_firmware:v500r002c00:::::::*
huawei	dp300	-	cpe:2.3:h:huawei:dp300:-:::::::*
huawei	rp200_firmware	v500r002c00spc200	cpe:2.3:o:huawei:rp200_firmware:v500r002c00spc200:::::::*
huawei	rp200_firmware	v600r006c00	cpe:2.3:o:huawei:rp200_firmware:v600r006c00:::::::*
huawei	rp200	-	cpe:2.3:h:huawei:rp200:-:::::::*
huawei	te30_firmware	v100r001c10spc300	cpe:2.3:o:huawei:te30_firmware:v100r001c10spc300:::::::*
huawei	te30_firmware	v100r001c10spc500	cpe:2.3:o:huawei:te30_firmware:v100r001c10spc500:::::::*
huawei	te30_firmware	v100r001c10spc600	cpe:2.3:o:huawei:te30_firmware:v100r001c10spc600:::::::*
huawei	te30_firmware	v100r001c10spc700	cpe:2.3:o:huawei:te30_firmware:v100r001c10spc700:::::::*
huawei	te30_firmware	v500r002c00spc200	cpe:2.3:o:huawei:te30_firmware:v500r002c00spc200:::::::*

Rows per page:

1-10 of 321

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-xml-en

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2017-15314

cve1 cvelist1 prion1 huawei1