cnvd - cnvd-2017-05106

cnvd-2017-05106

Vulnerability from cnvd

Title: 华为Campus系列交换机堆缓冲区溢出漏洞

Description:

华为Campus交换机是华为推出的系列交换机。

华为Campus系列交换机存在堆缓冲区溢出漏洞，允许攻击者通过持续发送畸形数据包进行拒绝服务攻击（堆溢出）。

Severity: 高

Patch Name: 华为Campus系列交换机堆缓冲区溢出漏洞的补丁

Patch Description:

华为Campus交换机是华为推出的系列交换机。

华为Campus系列交换机存在堆缓冲区溢出漏洞，允许攻击者通过持续发送畸形数据包进行拒绝服务攻击（堆溢出）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布漏洞修复程序，请及时关注更新： http://www.huawei.com/en/psirt/security-advisories/hw-343218

Reference: http://www.huawei.com/en/psirt/security-advisories/hw-343218

Impacted products

Name
['Huawei S7700 V200R001C00SPC300', 'Huawei S9300 V200R001C00SPC300', 'Huawei S9300 V200R002C00SPC100', 'Huawei S9300 V200R003C00SPC300', 'Huawei campus s3700hi V200R001C00SPC300', 'Huawei S5700 V200R001C00SPC300', 'Huawei S5700 V200R003C00SPC300', 'Huawei S6700 S3300HI V200R001C00SPC300', 'Huawei S5300 V200R001C00SPC300', 'Huawei S5300 V200R003C00SPC300', 'Huawei S5300 V200R002C00SPC100', 'Huawei S6300 V200R001C00SPC300', 'Huawei S6300 V200R003C00SPC300', 'Huawei S6300 V200R002C00SPC100', 'Huawei S7700 V200R001C00SPC300', 'Huawei LSW S9700 V200R001C00SPC300', 'Huawei LSW S9700 V200R003C00SPC300', 'Huawei LSW S9700 V200R003C00SPC500', 'Huawei Campus S5700 V200R002C00SPC100', 'Huawei S9300E V200R002C00SPC100', 'Huawei S9300E V200R003C00SPC300', 'Huawei S6700 V200R002C00SPC100', 'Huawei S6700 V200R003C00SPC300', 'Huawei Campus S7700 V200R002C00SPC100', 'Huawei Campus S7700 V200R003C00SPC300', 'Huawei S2750 V200R003C00SPC300', 'Huawei S2350EI V200R003C00SPC300']

Name

['Huawei S7700 V200R001C00SPC300', 'Huawei S9300 V200R001C00SPC300', 'Huawei S9300 V200R002C00SPC100', 'Huawei S9300 V200R003C00SPC300', 'Huawei campus s3700hi V200R001C00SPC300', 'Huawei S5700 V200R001C00SPC300', 'Huawei S5700 V200R003C00SPC300', 'Huawei S6700 S3300HI V200R001C00SPC300', 'Huawei S5300 V200R001C00SPC300', 'Huawei S5300 V200R003C00SPC300', 'Huawei S5300 V200R002C00SPC100', 'Huawei S6300 V200R001C00SPC300', 'Huawei S6300 V200R003C00SPC300', 'Huawei S6300 V200R002C00SPC100', 'Huawei S7700 V200R001C00SPC300', 'Huawei LSW S9700 V200R001C00SPC300', 'Huawei LSW S9700 V200R003C00SPC300', 'Huawei LSW S9700 V200R003C00SPC500', 'Huawei Campus S5700 V200R002C00SPC100', 'Huawei S9300E V200R002C00SPC100', 'Huawei S9300E V200R003C00SPC300', 'Huawei S6700 V200R002C00SPC100', 'Huawei S6700 V200R003C00SPC300', 'Huawei Campus S7700 V200R002C00SPC100', 'Huawei Campus S7700 V200R003C00SPC300', 'Huawei S2750 V200R003C00SPC300', 'Huawei S2350EI V200R003C00SPC300']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-4706"
    }
  },
  "description": "\u534e\u4e3aCampus\u4ea4\u6362\u673a\u662f\u534e\u4e3a\u63a8\u51fa\u7684\u7cfb\u5217\u4ea4\u6362\u673a\u3002\r\n\r\n\u534e\u4e3aCampus\u7cfb\u5217\u4ea4\u6362\u673a\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u6301\u7eed\u53d1\u9001\u7578\u5f62\u6570\u636e\u5305\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\uff08\u5806\u6ea2\u51fa\uff09\u3002",
  "discovererName": "Huawei internal testing team",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.huawei.com/en/psirt/security-advisories/hw-343218",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05106",
  "openTime": "2017-04-23",
  "patchDescription": "\u534e\u4e3aCampus\u4ea4\u6362\u673a\u662f\u534e\u4e3a\u63a8\u51fa\u7684\u7cfb\u5217\u4ea4\u6362\u673a\u3002\r\n\r\n\u534e\u4e3aCampus\u7cfb\u5217\u4ea4\u6362\u673a\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u6301\u7eed\u53d1\u9001\u7578\u5f62\u6570\u636e\u5305\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\uff08\u5806\u6ea2\u51fa\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u534e\u4e3aCampus\u7cfb\u5217\u4ea4\u6362\u673a\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei S7700 V200R001C00SPC300",
      "Huawei S9300 V200R001C00SPC300",
      "Huawei S9300 V200R002C00SPC100",
      "Huawei S9300 V200R003C00SPC300",
      "Huawei campus s3700hi V200R001C00SPC300",
      "Huawei S5700 V200R001C00SPC300",
      "Huawei S5700 V200R003C00SPC300",
      "Huawei S6700 S3300HI V200R001C00SPC300",
      "Huawei S5300 V200R001C00SPC300",
      "Huawei S5300 V200R003C00SPC300",
      "Huawei S5300 V200R002C00SPC100",
      "Huawei S6300 V200R001C00SPC300",
      "Huawei S6300 V200R003C00SPC300",
      "Huawei S6300 V200R002C00SPC100",
      "Huawei S7700 V200R001C00SPC300",
      "Huawei LSW S9700 V200R001C00SPC300",
      "Huawei LSW S9700 V200R003C00SPC300",
      "Huawei LSW S9700 V200R003C00SPC500",
      "Huawei Campus S5700 V200R002C00SPC100",
      "Huawei S9300E V200R002C00SPC100",
      "Huawei S9300E V200R003C00SPC300",
      "Huawei S6700 V200R002C00SPC100",
      "Huawei S6700 V200R003C00SPC300",
      "Huawei Campus S7700 V200R002C00SPC100",
      "Huawei Campus S7700 V200R003C00SPC300",
      "Huawei S2750 V200R003C00SPC300",
      "Huawei S2350EI V200R003C00SPC300"
    ]
  },
  "referenceLink": "http://www.huawei.com/en/psirt/security-advisories/hw-343218",
  "serverity": "\u9ad8",
  "submitTime": "2017-04-06",
  "title": "\u534e\u4e3aCampus\u7cfb\u5217\u4ea4\u6362\u673a\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2014-4706 (GCVE-0-2014-4706)

Vulnerability from cvelistv5

Published

2017-04-02 20:00

Modified

2024-08-06 11:27

Severity ?

CWE

Heap Overflow

Summary

Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 with software V200R002C00SPC100; Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500; LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S2350 with software V200R003C00SPC300; S2750 with software V200R003C00SPC300; S5300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S5700 with software V200R001C00SPC300,V200R003C00SPC300; S6300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S6700 S3300HI with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S7700 with software V200R001C00SPC300; S9300 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S9300E with software V200R003C00SPC300,V200R003C00SPC500 allow attackers to keep sending malformed packets to cause a denial of service (DoS) attack, aka a heap overflow.

References

▼	URL	Tags
	http://www.huawei.com/en/psirt/security-advisories/hw-343218	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Campus S3700HI, S5700, S6700 S3300HI, S5300, S6300, S9300, S7700,LSW S9700,Campus S5700, S6700,Campus S7700, S9300E, S2350, S2750,S9300,S9300E, Campus S3700HI with software V200R001C00SPC300,Campus S5700 with software V200R002C00SPC100,Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500,LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500,S2350 with software V200R003C00SPC300,S2750 with software V200R003C00SPC300,S5300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S5700 with software V200R001C00SPC300,V200R003C00SPC300,S6300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S6700 S3300HI with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S7700 with software V200R001C00SPC300,S9300 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500,S9300E with software V200R003C00SPC300,V200R003C00SPC500,	Version: Campus S3700HI, S5700, S6700 S3300HI, S5300, S6300, S9300, S7700,LSW S9700,Campus S5700, S6700,Campus S7700, S9300E, S2350, S2750,S9300,S9300E, Campus S3700HI with software V200R001C00SPC300,Campus S5700 with software V200R002C00SPC100,Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500,LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500,S2350 with software V200R003C00SPC300,S2750 with software V200R003C00SPC300,S5300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S5700 with software V200R001C00SPC300,V200R003C00SPC300,S6300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S6700 S3300HI with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S7700 with software V200R001C00SPC300,S9300 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500,S9300E with software V200R003C00SPC300,V200R003C00SPC500,

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:27:36.889Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/hw-343218"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Campus S3700HI, S5700, S6700 S3300HI, S5300, S6300, S9300, S7700,LSW S9700,Campus S5700, S6700,Campus S7700, S9300E, S2350, S2750,S9300,S9300E, Campus S3700HI with software V200R001C00SPC300,Campus S5700 with software V200R002C00SPC100,Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500,LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500,S2350 with software V200R003C00SPC300,S2750 with software V200R003C00SPC300,S5300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S5700 with software V200R001C00SPC300,V200R003C00SPC300,S6300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S6700 S3300HI with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S7700 with software V200R001C00SPC300,S9300 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500,S9300E with software V200R003C00SPC300,V200R003C00SPC500,",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Campus S3700HI, S5700, S6700 S3300HI, S5300, S6300, S9300, S7700,LSW S9700,Campus S5700, S6700,Campus S7700, S9300E, S2350, S2750,S9300,S9300E, Campus S3700HI with software V200R001C00SPC300,Campus S5700 with software V200R002C00SPC100,Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500,LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500,S2350 with software V200R003C00SPC300,S2750 with software V200R003C00SPC300,S5300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S5700 with software V200R001C00SPC300,V200R003C00SPC300,S6300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S6700 S3300HI with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S7700 with software V200R001C00SPC300,S9300 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500,S9300E with software V200R003C00SPC300,V200R003C00SPC500,"
            }
          ]
        }
      ],
      "datePublic": "2017-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 with software V200R002C00SPC100; Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500; LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S2350 with software V200R003C00SPC300; S2750 with software V200R003C00SPC300; S5300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S5700 with software V200R001C00SPC300,V200R003C00SPC300; S6300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S6700 S3300HI with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S7700 with software V200R001C00SPC300; S9300 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S9300E with software V200R003C00SPC300,V200R003C00SPC500 allow attackers to keep sending malformed packets to cause a denial of service (DoS) attack, aka a heap overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-02T19:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/hw-343218"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2014-4706",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Campus S3700HI, S5700, S6700 S3300HI, S5300, S6300, S9300, S7700,LSW S9700,Campus S5700, S6700,Campus S7700, S9300E, S2350, S2750,S9300,S9300E, Campus S3700HI with software V200R001C00SPC300,Campus S5700 with software V200R002C00SPC100,Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500,LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500,S2350 with software V200R003C00SPC300,S2750 with software V200R003C00SPC300,S5300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S5700 with software V200R001C00SPC300,V200R003C00SPC300,S6300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S6700 S3300HI with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S7700 with software V200R001C00SPC300,S9300 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500,S9300E with software V200R003C00SPC300,V200R003C00SPC500,",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Campus S3700HI, S5700, S6700 S3300HI, S5300, S6300, S9300, S7700,LSW S9700,Campus S5700, S6700,Campus S7700, S9300E, S2350, S2750,S9300,S9300E, Campus S3700HI with software V200R001C00SPC300,Campus S5700 with software V200R002C00SPC100,Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500,LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500,S2350 with software V200R003C00SPC300,S2750 with software V200R003C00SPC300,S5300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S5700 with software V200R001C00SPC300,V200R003C00SPC300,S6300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S6700 S3300HI with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S7700 with software V200R001C00SPC300,S9300 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500,S9300E with software V200R003C00SPC300,V200R003C00SPC500,"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 with software V200R002C00SPC100; Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500; LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S2350 with software V200R003C00SPC300; S2750 with software V200R003C00SPC300; S5300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S5700 with software V200R001C00SPC300,V200R003C00SPC300; S6300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S6700 S3300HI with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S7700 with software V200R001C00SPC300; S9300 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S9300E with software V200R003C00SPC300,V200R003C00SPC500 allow attackers to keep sending malformed packets to cause a denial of service (DoS) attack, aka a heap overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Heap Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/hw-343218",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/hw-343218"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2014-4706",
    "datePublished": "2017-04-02T20:00:00",
    "dateReserved": "2014-07-01T00:00:00",
    "dateUpdated": "2024-08-06T11:27:36.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted