There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, successful exploit may cause some service abnormal. Affected product versions include:CampusInsight versions V100R019C00;ManageOne versions 6.5.RC2.B050.
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Campusinsight | Huawei | v100r019c00 (including) | v100r019c00 (including) |
Manageone | Huawei | 6.5-rc2.b050 (including) | 6.5-rc2.b050 (including) |