多款Huawei产品输入验证错误漏洞
CVE编号
CVE-2019-5303利用情况
暂无补丁情况
N/A披露时间
2020-04-28漏洞描述
Huawei Mate20等都是中国华为(Huawei)公司的一款智能手机。 多款Huawei产品中存在拒绝服务漏洞,该漏洞源于在解析消息时对两个字段校验不重复。攻击者可通过伪基站向受影响设备发送特制的TD-SCDMA消息利用该漏洞导致死循环和设备重启。以下产品及版本受到影响:Huawei ALP-AL00B 9.1.0.333(C00E333R2P1T8)之前版本;ALP-L09 9.1.0.300(C432E4R1P9T8)之前版本;ALP-L29 9.1.0.315(C636E5R1P13T8)之前版本,BLA-L29C 9.1.0.321(C636E4R1P14T8)之前版本,BLA-L29C 9.1.0.330(C432E6R1P12T8)之前版本,BLA-L29C 9.1.0.302(C635E4R1P13T8)之前版本;Berkeley-AL20 9.1.0.333(C00E333R2P1T8)之前版本;Berkeley-L09 9.1.0.350(C10E3R1P14T8)之前版本,Berkeley-L09 9.1.0.351(C432E5R1P13T8)之前版本,Berkeley-L09 9.1.0.350(C636E4R1P13T8)之前版本;HUAWEI Mate 20 9.1.0.131(C00E131R3P1)之前版本;HUAWEI Mate 20 Pro 9.1.0.310(C185E10R2P1)之前版本;HUAWEI P20 9.1.0.333(C00E333R1P1T8)之前版本;HUAWEI P30 9.1.0.193之前版本;Honor 10 Lite 9.1.0.283(C605E8R2P2)之前版本;HUAWEI Y9 2019 9.1.0.220(C605E3R1P1T8)之前版本等。解决建议
厂商已发布了漏洞修复程序,请及时关注更新:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190814-01-mobile-cn
参考链接 |
|
|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | huawei | alp-al00b_firmware | * | Up to (excluding) 9.1.0.333\(c00e333r2p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | alp-l09_firmware | * | Up to (excluding) 9.1.0.300\(c432e4r1p9t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | alp-l29_firmware | * | Up to (excluding) 9.1.0.315\(c636e5r1p13t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | berkeley-al20_firmware | * | Up to (excluding) 9.1.0.333\(c00e333r2p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | berkeley-l09_firmware | * | Up to (excluding) 9.1.0.350\(c10e3r1p14t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | berkeley-l09_firmware | * | Up to (excluding) 9.1.0.350\(c636e4r1p13t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | berkeley-l09_firmware | * | Up to (excluding) 9.1.0.351\(c432e5r1p13t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | bla-l29c_firmware | * | Up to (excluding) 9.1.0.302\(c635e4r1p13t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | bla-l29c_firmware | * | Up to (excluding) 9.1.0.321\(c636e4r1p14t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | bla-l29c_firmware | * | Up to (excluding) 9.1.0.330\(c432e6r1p12t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | charlotte-l09c_firmware | * | Up to (excluding) 9.1.0.311\(c185e4r1p11t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | charlotte-l09c_firmware | * | Up to (excluding) 9.1.0.345\(c432e8r1p11t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | charlotte-l29c_firmware | * | Up to (excluding) 9.1.0.325\(c185e4r1p11t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | charlotte-l29c_firmware | * | Up to (excluding) 9.1.0.335\(c636e3r1p13t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | charlotte-l29c_firmware | * | Up to (excluding) 9.1.0.336\(c605e3r1p12t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | charlotte-l29c_firmware | * | Up to (excluding) 9.1.0.345\(c432e8r1p11t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | columbia-al10b_firmware | * | Up to (excluding) 9.1.0.333\(c00e333r1p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | columbia-l29d_firmware | * | Up to (excluding) 9.1.0.350\(c10e5r1p14t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | columbia-l29d_firmware | * | Up to (excluding) 9.1.0.350\(c185e3r1p12t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | columbia-l29d_firmware | * | Up to (excluding) 9.1.0.350\(c461e3r1p11t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | columbia-l29d_firmware | * | Up to (excluding) 9.1.0.351\(c432e5r1p13t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | cornell-al00a_firmware | * | Up to (excluding) 9.1.0.333\(c00e333r1p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | cornell-l29a_firmware | * | Up to (excluding) 9.1.0.328\(c185e1r1p9t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | cornell-l29a_firmware | * | Up to (excluding) 9.1.0.328\(c432e1r1p9t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | cornell-l29a_firmware | * | Up to (excluding) 9.1.0.328\(c636e2r1p12t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | cornell-l29a_firmware | * | Up to (excluding) 9.1.0.330\(c461e1r1p9t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | emily-l09c_firmware | * | Up to (excluding) 9.1.0.311\(c185e2r1p12t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | emily-l09c_firmware | * | Up to (excluding) 9.1.0.336\(c605e4r1p12t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | emily-l09c_firmware | * | Up to (excluding) 9.1.0.345\(c432e10r1p12t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | emily-l29c_firmware | * | Up to (excluding) 9.1.0.311\(c432e7r1p11t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | emily-l29c_firmware | * | Up to (excluding) 9.1.0.311\(c605e2r1p12t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | emily-l29c_firmware | * | Up to (excluding) 9.1.0.311\(c636e7r1p13t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | ever-l29b_firmware | * | Up to (excluding) 9.1.0.310\(c432e3r1p12\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | ever-l29b_firmware | * | Up to (excluding) 9.1.0.310\(c636e3r2p1\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | ever-l29b_firmware | * | Up to (excluding) 9.1.0.311\(c185e3r3p1\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | honor_10_lite_firmware | * | Up to (excluding) 9.1.0.283\(c605e8r2p2\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | honor_20_firmware | * | Up to (excluding) 9.1.0.152\(c00e150r5p1\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | honor_8x_firmware | * | Up to (excluding) 9.1.0.221\(c461e2r1p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | honor_magic2_firmware | * | Up to (excluding) 10.0.0.187 | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | honor_v20_firmware | * | Up to (excluding) 9.1.0.234\(c00e234r4p3\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | honor_view_20_firmware | * | Up to (excluding) 9.1.0.238\(c432e1r3p1\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | jackman-l22_firmware | * | Up to (excluding) 9.1.0.247\(c636e2r4p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | mate_20_firmware | * | Up to (excluding) 9.1.0.131\(c00e131r3p1\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | mate_20_pro_firmware | * | Up to (excluding) 9.1.0.310\(c185e10r2p1\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | mate_20_rs_firmware | * | Up to (excluding) 9.1.0.135\(c786e133r3p1\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | mate_20_x_firmware | * | Up to (excluding) 9.1.0.135\(c00e133r2p1\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | nova_lite_3_firmware | * | Up to (excluding) 9.1.0.305\(c635e8r2p2\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | p20_firmware | * | Up to (excluding) 9.1.0.333\(c00e333r1p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | p20_pro_firmware | * | Up to (excluding) 9.1.0.333\(c00e333r1p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | p30_firmware | * | Up to (excluding) 9.1.0.193 | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | p30_pro_firmware | * | Up to (excluding) 9.1.0.186\(c00e180r2p1\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | paris-l21b_firmware | * | Up to (excluding) 9.1.0.331\(c432e1r1p2t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | paris-l21meb_firmware | * | Up to (excluding) 9.1.0.331\(c185e4r1p3t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | paris-l29b_firmware | * | Up to (excluding) 9.1.0.331\(c636e1r1p3t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | sydney-al00_firmware | * | Up to (excluding) 9.1.0.212\(c00e62r1p7t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | sydney-l21br_firmware | * | Up to (excluding) 9.1.0.213\(c185e1r1p2t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | sydney-l21_firmware | * | Up to (excluding) 9.1.0.213\(c185e1r1p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | sydney-l21_firmware | * | Up to (excluding) 9.1.0.215\(c432e1r1p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | sydney-l22br_firmware | * | Up to (excluding) 9.1.0.258\(c636e1r1p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | sydney-l22_firmware | * | Up to (excluding) 9.1.0.258\(c636e1r1p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | sydneym-al00_firmware | * | Up to (excluding) 9.1.0.228\(c00e78r1p7t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | sydneym-l01_firmware | * | Up to (excluding) 9.1.0.213\(c185e1r1p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | sydneym-l01_firmware | * | Up to (excluding) 9.1.0.215\(c782e2r1p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | sydneym-l01_firmware | * | Up to (excluding) 9.1.0.270\(c432e3r1p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | sydneym-l03_firmware | * | Up to (excluding) 9.1.0.217\(c605e1r1p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | sydneym-l21_firmware | * | Up to (excluding) 9.1.0.215\(c432e4r1p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | sydneym-l21_firmware | * | Up to (excluding) 9.1.0.221\(c461e1r1p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | sydneym-l22_firmware | * | Up to (excluding) 9.1.0.216\(c569e1r1p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | sydneym-l22_firmware | * | Up to (excluding) 9.1.0.220\(c635e1r1p2t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | sydneym-l22_firmware | * | Up to (excluding) 9.1.0.259\(c185e1r1p2t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | sydneym-l23_firmware | * | Up to (excluding) 9.1.0.226\(c605e2r1p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | y9_2019_firmware | * | Up to (excluding) 9.1.0.220\(c605e3r1p1t8\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | yale-l21a_firmware | * | Up to (excluding) 9.1.0.154\(c432e2r3p2\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | yale-l21a_firmware | * | Up to (excluding) 9.1.0.154\(c461e2r2p1\) | |||||
| 运行在以下环境 | |||||||||
| 系统 | huawei | yale-l21a_firmware | * | Up to (excluding) 9.1.0.154\(c636e2r2p1\) | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | alp-al00b | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | alp-l09 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | alp-l29 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | berkeley-al20 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | berkeley-l09 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | bla-l29c | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | charlotte-l09c | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | charlotte-l29c | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | columbia-al10b | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | columbia-l29d | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | cornell-al00a | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | cornell-l29a | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | emily-l09c | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | emily-l29c | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | ever-l29b | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | honor_10_lite | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | honor_20 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | honor_8x | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | honor_magic2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | honor_v20 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | honor_view_20 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | jackman-l22 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | mate_20 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | mate_20_pro | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | mate_20_rs | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | mate_20_x | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | nova_lite_3 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | p20 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | p20_pro | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | p30 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | p30_pro | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | paris-l21b | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | paris-l21meb | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | paris-l29b | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | sydney-al00 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | sydney-l21 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | sydney-l21br | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | sydney-l22 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | sydney-l22br | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | sydneym-al00 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | sydneym-l01 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | sydneym-l03 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | sydneym-l21 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | sydneym-l22 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | sydneym-l23 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | y9_2019 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | huawei | yale-l21a | - | - | |||||
- 攻击路径 相邻
- 攻击复杂度 高
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 无
- 完整性 无
| CWE-ID | 漏洞类型 |
| CWE-20 | 输入验证不恰当 |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论