Details of VAR-202104-0435

ID

VAR-202104-0435

CVE

CVE-2021-22327

TITLE

Huawei P30 memory write vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-24911

DESCRIPTION

There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4). Huawei P30 is a smart phone of China's Huawei (Huawei) company. The vulnerability stems from the program's failure to properly validate the input file. Attackers use this vulnerability to cause abnormal program services

Trust: 1.53

sources: NVD: CVE-2021-22327 // CNVD: CNVD-2021-24911 // VULMON: CVE-2021-22327

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-24911

AFFECTED PRODUCTS

vendor:	huawei	model:	p30 10.0.0.190	scope:	-	version:	-	Trust: 3.0
vendor:	huawei	model:	p30 10.0.0.188	scope:	-	version:	-	Trust: 1.8
vendor:	huawei	model:	p30 10.0.0.186	scope:	-	version:	-	Trust: 1.2
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.186\(c461e4r3p1\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.190\(c185e4r7p1\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.188\(c00e85r2p11\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.188\(c01e88r2p11\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.190\(c636e4r3p4\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.186\(c10e7r5p1\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.190\(c605e19r1p3\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.192\(c635e3r2p4\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.188\(c605e19r1p3\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.190\(c431e22r2p5\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.190\(c432e22r2p5\)	Trust: 1.0
vendor:	huawei	model:	p30 10.0.0.192	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-24911 // NVD: CVE-2021-22327

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22327
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2021-24911
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202103-1737
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-22327
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22327
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-24911
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-22327
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-24911 // VULMON: CVE-2021-22327 // CNNVD: CNNVD-202103-1737 // NVD: CVE-2021-22327

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.0

sources: NVD: CVE-2021-22327

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1737

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202103-1737

PATCH

title:	Patch for Huawei P30 memory write vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/255971	Trust: 0.6
title:	Huawei P30 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146098	Trust: 0.6

sources: CNVD: CNVD-2021-24911 // CNNVD: CNNVD-202103-1737

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22327	Trust: 2.3
db:	CNVD	id:	CNVD-2021-24911	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-1737	Trust: 0.6
db:	VULMON	id:	CVE-2021-22327	Trust: 0.1

sources: CNVD: CNVD-2021-24911 // VULMON: CVE-2021-22327 // CNNVD: CNNVD-202103-1737 // NVD: CVE-2021-22327

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-smartphone-en	Trust: 1.7
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210331-01-smartphone-cn	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22327	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-24911 // VULMON: CVE-2021-22327 // CNNVD: CNNVD-202103-1737 // NVD: CVE-2021-22327

SOURCES

db:	CNVD	id:	CNVD-2021-24911
db:	VULMON	id:	CVE-2021-22327
db:	CNNVD	id:	CNNVD-202103-1737
db:	NVD	id:	CVE-2021-22327

LAST UPDATE DATE

2024-11-23T22:51:01.670000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-24911	date:	2021-04-04T00:00:00
db:	VULMON	id:	CVE-2021-22327	date:	2021-05-08T00:00:00
db:	CNNVD	id:	CNNVD-202103-1737	date:	2021-05-10T00:00:00
db:	NVD	id:	CVE-2021-22327	date:	2024-11-21T05:49:55.117

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-24911	date:	2021-04-04T00:00:00
db:	VULMON	id:	CVE-2021-22327	date:	2021-04-28T00:00:00
db:	CNNVD	id:	CNNVD-202103-1737	date:	2021-03-31T00:00:00
db:	NVD	id:	CVE-2021-22327	date:	2021-04-28T12:15:08.223