CVE-2017-17330

Summary

Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200R007C01; V200R007C02; V200R008C00; V200R008C10; V200R008C20; V200R008C30; NGFW Module V500R001C00; V500R001C20; V500R002C00 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML element data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory.

Affected Software

VendorProductVersion RangeStatus
Huawei Technologies Co., Ltd.AR3200; NGFW ModuleAR3200 V200R005C32affected
Huawei Technologies Co., Ltd.AR3200; NGFW ModuleV200R006C10affected
Huawei Technologies Co., Ltd.AR3200; NGFW ModuleV200R006C11affected
Huawei Technologies Co., Ltd.AR3200; NGFW ModuleV200R007C00affected
Huawei Technologies Co., Ltd.AR3200; NGFW ModuleV200R007C01affected
Huawei Technologies Co., Ltd.AR3200; NGFW ModuleV200R007C02affected
Huawei Technologies Co., Ltd.AR3200; NGFW ModuleV200R008C00affected
Huawei Technologies Co., Ltd.AR3200; NGFW ModuleV200R008C10affected
Huawei Technologies Co., Ltd.AR3200; NGFW ModuleV200R008C20affected
Huawei Technologies Co., Ltd.AR3200; NGFW ModuleV200R008C30affected
Huawei Technologies Co., Ltd.AR3200; NGFW ModuleNGFW Module V500R001C00affected
Huawei Technologies Co., Ltd.AR3200; NGFW ModuleV500R001C20affected
Huawei Technologies Co., Ltd.AR3200; NGFW ModuleV500R002C00affected

Weaknesses

  • memory leak

ADP Enrichment

CVE Program Container

Additional References

References