CVE-2017-15314

Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE40 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE50 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability due to memory don't be released when the XML parser process some node fail. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.

Published: Mar 9, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-15314
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-772

Affected Software
References

Software	From	Fixed in
huawei / dp300_firmware	500r002c00	500r002c00.x
huawei / rp200_firmware	500r002c00spc200	500r002c00spc200.x
huawei / rp200_firmware	600r006c00	600r006c00.x
huawei / te30_firmware	100r001c10spc300	100r001c10spc300.x
huawei / te30_firmware	100r001c10spc500	100r001c10spc500.x
huawei / te30_firmware	100r001c10spc600	100r001c10spc600.x
huawei / te30_firmware	100r001c10spc700	100r001c10spc700.x
huawei / te30_firmware	500r002c00spc200	500r002c00spc200.x
huawei / te30_firmware	500r002c00spc500	500r002c00spc500.x
huawei / te30_firmware	500r002c00spc600	500r002c00spc600.x
huawei / te30_firmware	500r002c00spc700	500r002c00spc700.x
huawei / te30_firmware	500r002c00spc900	500r002c00spc900.x
huawei / te30_firmware	500r002c00spcb00	500r002c00spcb00.x
huawei / te30_firmware	600r006c00	600r006c00.x
huawei / te40_firmware	500r002c00spc600	500r002c00spc600.x
huawei / te40_firmware	500r002c00spc700	500r002c00spc700.x
huawei / te40_firmware	500r002c00spc900	500r002c00spc900.x
huawei / te40_firmware	500r002c00spcb00	500r002c00spcb00.x
huawei / te40_firmware	600r006c00	600r006c00.x
huawei / te50_firmware	500r002c00spc600	500r002c00spc600.x
huawei / te50_firmware	500r002c00spc700	500r002c00spc700.x
huawei / te50_firmware	500r002c00spcb00	500r002c00spcb00.x
huawei / te50_firmware	600r006c00	600r006c00.x
huawei / te60_firmware	100r001c10	100r001c10.x
huawei / te60_firmware	500r002c00	500r002c00.x
huawei / te60_firmware	600r006c00	600r006c00.x

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-xml-en

Vulnerability Database

289,599

CVE-2017-15314