Details of VAR-202102-0645

ID

VAR-202102-0645

CVE

CVE-2021-22305

TITLE

Mate 30 Buffer Overflow Vulnerability in Linux

Trust: 0.8

sources: JVNDB: JVNDB-2021-003373

DESCRIPTION

There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125R5P3). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause buffer overflow, compromising normal service. Huawei Mate 30 is a smart phone of China's Huawei (Huawei) company. The vulnerability stems from the program not validating the input correctly

Trust: 2.25

sources: NVD: CVE-2021-22305 // JVNDB: JVNDB-2021-003373 // CNVD: CNVD-2021-07519 // VULMON: CVE-2021-22305

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-07519

AFFECTED PRODUCTS

vendor:	huawei	model:	mate 30	scope:	eq	version:	10.1.0.126\(c00e125r5p3\)	Trust: 1.0
vendor:	huawei	model:	mate 30	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	mate 30	scope:	eq	version:	mate 30 firmware 10.1.0.126 (c00e125r5p3)	Trust: 0.8
vendor:	huawei	model:	mate 10.1.0.126	scope:	eq	version:	30	Trust: 0.6

sources: CNVD: CNVD-2021-07519 // JVNDB: JVNDB-2021-003373 // NVD: CVE-2021-22305

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22305
value:	LOW
Trust: 1.0
NVD:	CVE-2021-22305
value:	LOW
Trust: 0.8
CNVD:	CNVD-2021-07519
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202102-558
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2021-22305
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-07519
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-22305
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22305
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-07519 // JVNDB: JVNDB-2021-003373 // CNNVD: CNNVD-202102-558 // NVD: CVE-2021-22305

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-003373 // NVD: CVE-2021-22305

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-558

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202102-558

PATCH

title:	huawei-sa-20210127-04-smartphone	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-04-smartphone-en	Trust: 0.8
title:	Patch for Huawei Mate 30 stack overflow vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/246006	Trust: 0.6
title:	Huawei Mate 30 Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141726	Trust: 0.6

sources: CNVD: CNVD-2021-07519 // JVNDB: JVNDB-2021-003373 // CNNVD: CNNVD-202102-558

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22305	Trust: 3.1
db:	JVNDB	id:	JVNDB-2021-003373	Trust: 0.8
db:	CNVD	id:	CNVD-2021-07519	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-558	Trust: 0.6
db:	VULMON	id:	CVE-2021-22305	Trust: 0.1

sources: CNVD: CNVD-2021-07519 // VULMON: CVE-2021-22305 // JVNDB: JVNDB-2021-003373 // CNNVD: CNNVD-202102-558 // NVD: CVE-2021-22305

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-04-smartphone-en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22305	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210127-04-smartphone-cn	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-07519 // VULMON: CVE-2021-22305 // JVNDB: JVNDB-2021-003373 // CNNVD: CNNVD-202102-558 // NVD: CVE-2021-22305

SOURCES

db:	CNVD	id:	CNVD-2021-07519
db:	VULMON	id:	CVE-2021-22305
db:	JVNDB	id:	JVNDB-2021-003373
db:	CNNVD	id:	CNNVD-202102-558
db:	NVD	id:	CVE-2021-22305

LAST UPDATE DATE

2024-11-23T22:20:52.726000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-07519	date:	2021-01-31T00:00:00
db:	VULMON	id:	CVE-2021-22305	date:	2021-02-10T00:00:00
db:	JVNDB	id:	JVNDB-2021-003373	date:	2021-10-25T08:31:00
db:	CNNVD	id:	CNNVD-202102-558	date:	2021-02-18T00:00:00
db:	NVD	id:	CVE-2021-22305	date:	2024-11-21T05:49:52.660

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-07519	date:	2021-01-31T00:00:00
db:	VULMON	id:	CVE-2021-22305	date:	2021-02-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-003373	date:	2021-10-25T00:00:00
db:	CNNVD	id:	CNNVD-202102-558	date:	2021-02-05T00:00:00
db:	NVD	id:	CVE-2021-22305	date:	2021-02-06T03:15:12.953