CVE-2020-1862

Published: Mar 20, 2020Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, successful exploit may cause some service abnormal. Affected product versions include:CampusInsight versions V100R019C00;ManageOne versions 6.5.RC2.B050.

Affected (2)

Products: Huawei: Campusinsight, Manageone

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Huawei Campusinsight	Version v100r019c00
Huawei Manageone	Version 6.5 rc2.b050

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (2)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-free-en

Source: psirt@huawei.com

Vendor Advisory

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-free-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.