Main Vulnerability Database Vulnerabilities #VU22802

Integer overflow in P30 - CVE-2019-5288

Published: November 15, 2019

Vulnerability identifier: #VU22802

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-5288

CWE-ID: CWE-190

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Huawei

Affected software:
P30

Detailed vulnerability description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists because of integer overflow due to insufficient check on specific parameters. A local user can trick the victim to install a malicious application, obtain the root permission, construct specific parameters to the camera program, trigger integer overflow and execute arbitrary code on the target system or break down the program.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2019-5288

Install updates from vendor's website.

Sources

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en

Integer overflow in P30 - CVE-2019-5288

Detailed vulnerability description

How to mitigate CVE-2019-5288

Sources

Please verify you're human