CVE-2017-2729

Published: Nov 22, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The boot loaders in Honor 5A smart phones with software Versions earlier than CAM-TL00C01B193,Versions earlier than CAM-TL00HC00B193,Versions earlier than CAM-UL00C00B193 have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution.

Affected (10)

Products: Huawei: Honor 5a Firmware, P8 Lite Firmware

Huawei

2 products

Honor 5a Firmware

P8 Lite Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 5a Firmware	Before cam-tl00c01b193

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 5a Firmware	Before cam-tl00hc00b193

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Honor 5a Firmware	Before cam-ul00c00b193

Running on/with	Platform Versions
Huawei Honor 5a	All versions

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Lite Firmware	Before ale-l02c635b568

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Lite Firmware	Before ale-l21c10b541

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Lite Firmware	Before ale-l21c185b568

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Lite Firmware	Before ale-l21c432b596

Configuration H

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Lite Firmware	Before ale-l21c464b595

Configuration I

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Lite Firmware	Before ale-l21c636b568

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei P8 Lite Firmware	Before ale-l23c605b535

Running on/with	Platform Versions
Huawei P8 Lite	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (4)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170302-01-smartphone-en

Source: psirt@huawei.com

Vendor Advisory

http://www.securityfocus.com/bid/96526

Source: psirt@huawei.com

Third Party AdvisoryVDB Entry

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170302-01-smartphone-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/96526

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.