CVE-2019-5247

Published: Nov 29, 2019Modified: Jun 17, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Huawei Atlas 300, Atlas 500 have a buffer overflow vulnerability. A local, authenticated attacker may craft specific parameter and send to the process to exploit this vulnerability. Successfully exploit may cause service crash.

Affected (2)

Products: Huawei: Atlas 300 Firmware, Atlas 500 Firmware

Huawei

2 products

Atlas 300 Firmware

Atlas 500 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Atlas 300 Firmware	From 1.0.0 to 1.0.0.spc102

Running on/with	Platform Versions
Huawei Atlas 300	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Atlas 500 Firmware	From 1.0.0 to 1.0.0.spc102

Running on/with	Platform Versions
Huawei Atlas 500	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-atlas-en

Source: psirt@huawei.com

Vendor Advisory

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-atlas-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.