CVE-2019-5236

Published: Aug 8, 2019Modified: Nov 21, 2024

6.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Exploitability: 2.8 / Impact: 3.4

Source: NVD

Description

Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user to click a URL to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal.

Affected (8)

Products: Huawei: Emily L29c Firmware

Huawei

1 product

Emily L29c Firmware

Configuration A

8 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Emily L29c Firmware	Version 8.1.0.132a(c432)
Huawei Emily L29c Firmware	Version 8.1.0.135(c782)
Huawei Emily L29c Firmware	Version 8.1.0.154(c10)
Huawei Emily L29c Firmware	Version 8.1.0.154(c461)
Huawei Emily L29c Firmware	Version 8.1.0.154(c635)
Huawei Emily L29c Firmware	Version 8.1.0.156(c185)
Huawei Emily L29c Firmware	Version 8.1.0.156(c605)
Huawei Emily L29c Firmware	Version 8.1.0.159(c636)

Running on/with	Platform Versions
Huawei Emily L29c	All versions

Related CWEs

CWE-415

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (2)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190807-01-smartphone-en

Source: psirt@huawei.com

Vendor Advisory

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190807-01-smartphone-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.