CVE-2019-5225
Severity CVSS v4.0:
Pending analysis
Type:
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date:
29/11/2019
Last modified:
06/12/2019
Description
P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12) have a buffer overflow vulnerability on several , the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause malicious code execution.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:* | elle-al00b_9.1.0.193\(c00e190r1p21\) (excluding) | |
| cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:* | hima-al00b_9.1.0.135\(c00e200r2p1\) (excluding) | |
| cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:* | vogue-al00a_9.1.0.193\(c00e190r1p12\) (excluding) | |
| cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page