CVE-2020-9093
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privilege. This would compromise normal service.
Se presenta una vulnerabilidad de uso de la memoria previamente liberada en Taurus-AL00A versiones 10.0.0.1(C00E1R1P1). Un módulo no trata apropiadamente un mensaje específico, lo que hace que una función referencie a la memoria después de haberla liberado. Los atacantes pueden explotar esta vulnerabilidad ejecutando una aplicación diseñada con privilegios comunes. Esto comprometería el servicio normal
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-02-18 CVE Reserved
- 2020-12-29 CVE Published
- 2023-09-14 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-smartphone-en | 2020-12-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Huawei Search vendor "Huawei" | Taurus-al00a Firmware Search vendor "Huawei" for product "Taurus-al00a Firmware" | 10.0.0.1\(c00e1r1p1\) Search vendor "Huawei" for product "Taurus-al00a Firmware" and version "10.0.0.1\(c00e1r1p1\)" | - |
Affected
| in | Huawei Search vendor "Huawei" | Taurus-al00a Search vendor "Huawei" for product "Taurus-al00a" | - | - |
Safe
|