ID

VAR-201712-1129


TITLE

Dahua Play Library SDK dhplay.dll has a buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-34402

DESCRIPTION

Dahua Player Library SDK is a supporting product for all equipment of Zhejiang Dahua Technology Co., Ltd. It supports all the stream formats of the company's equipment. There is a buffer overflow vulnerability in dhplay.dll of the Dahua Play Library SDK. When DHPLAY.DLL copies an array, a malformed file can cause the copy length to be larger than the actual length. An attacker could use this vulnerability to cause out-of-bounds access.

Trust: 0.6

sources: CNVD: CNVD-2017-34402

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-34402

AFFECTED PRODUCTS

vendor: dahua
model: play library sdk sdk win32 v3.39.0 20161102
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2017-34402

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-34402
value: LOW

Trust: 0.6

CNVD: CNVD-2017-34402
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-34402

PATCH

title: General_PlaySDK
url: https://www.cnvd.org.cn/patchinfo/show/105944

Trust: 0.6

sources: CNVD: CNVD-2017-34402

EXTERNAL IDS

db: CNVD
id: CNVD-2017-34402

Trust: 0.6

sources: CNVD: CNVD-2017-34402

SOURCES

db: CNVD
id: CNVD-2017-34402

LAST UPDATE DATE

2022-05-04T09:47:27.751000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2017-34402
date: 2017-12-04T00:00:00

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2017-34402
date: 2017-12-12T00:00:00