Details of VAR-202101-1002

ID

VAR-202101-1002

CVE

CVE-2020-9142

TITLE

plural Huawei Vulnerability regarding out-of-bounds writing on smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-015408

DESCRIPTION

There is a heap base buffer overflow vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability can cause heap overflow and memory overwriting when the system incorrectly processes the update file. plural Huawei Smartphones contain a vulnerability related to out-of-bounds writing.Information is tampered with and denial of service (DoS) It may be put into a state. Huawei Emui is an Android-based mobile operating system developed by Huawei in China. Honor Magic Ui is an Android-based mobile operating system developed by China Honor Company. Various Huawei and Honor mobile device operating systems have buffer error vulnerabilities. The following products and models are affected: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Trust: 1.71

sources: NVD: CVE-2020-9142 // JVNDB: JVNDB-2020-015408 // VULHUB: VHN-187267

AFFECTED PRODUCTS

vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	9.1.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	2.1.1	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	9.1.1	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-015408 // NVD: CVE-2020-9142

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9142
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2020-9142
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202101-1098
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-187267
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9142
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-187267
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9142
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9142
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-187267 // JVNDB: JVNDB-2020-015408 // CNNVD: CNNVD-202101-1098 // NVD: CVE-2020-9142

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	Out-of-bounds writing (CWE-787) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-187267 // JVNDB: JVNDB-2020-015408 // NVD: CVE-2020-9142

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1098

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202101-1098

PATCH

title:	Huawei EMUI/Magic UI security updates Dec-20	url:	https://consumer.huawei.com/en/support/bulletin/2020/12/	Trust: 0.8
title:	Huawei Emui and Honor Magic Ui Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139458	Trust: 0.6

sources: JVNDB: JVNDB-2020-015408 // CNNVD: CNNVD-202101-1098

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9142	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-015408	Trust: 0.8
db:	CNNVD	id:	CNNVD-202101-1098	Trust: 0.7
db:	VULHUB	id:	VHN-187267	Trust: 0.1

sources: VULHUB: VHN-187267 // JVNDB: JVNDB-2020-015408 // CNNVD: CNNVD-202101-1098 // NVD: CVE-2020-9142

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2020/12/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9142	Trust: 1.4

sources: VULHUB: VHN-187267 // JVNDB: JVNDB-2020-015408 // CNNVD: CNNVD-202101-1098 // NVD: CVE-2020-9142

SOURCES

db:	VULHUB	id:	VHN-187267
db:	JVNDB	id:	JVNDB-2020-015408
db:	CNNVD	id:	CNNVD-202101-1098
db:	NVD	id:	CVE-2020-9142

LAST UPDATE DATE

2024-08-14T14:31:53.200000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187267	date:	2021-01-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-015408	date:	2021-09-21T09:03:00
db:	CNNVD	id:	CNNVD-202101-1098	date:	2021-01-21T00:00:00
db:	NVD	id:	CVE-2020-9142	date:	2021-01-19T14:45:28.930

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187267	date:	2021-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2020-015408	date:	2021-09-21T00:00:00
db:	CNNVD	id:	CNNVD-202101-1098	date:	2021-01-13T00:00:00
db:	NVD	id:	CVE-2020-9142	date:	2021-01-13T22:15:14.130