Details of VAR-202104-0439

ID

VAR-202104-0439

CVE

CVE-2021-22332

TITLE

Huawei's multiple product pointers double release loopholes

Trust: 0.6

sources: CNVD: CNVD-2021-36022

DESCRIPTION

There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service. Huawei CloudEngine 6800, etc. are all products of China's Huawei (Huawei) company. CloudEngine 6800 is a 6800 series of 10 Gigabit Ethernet switches for data centers. Huawei CloudEngine 12800 is a 12800 series data center switch. Huawei Cloudengine 5800 is a 5800 series data center switch

Trust: 1.53

sources: NVD: CVE-2021-22332 // CNVD: CNVD-2021-36022 // VULMON: CVE-2021-22332

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-36022

AFFECTED PRODUCTS

vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	v200r003c00spc810	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r003c00spc810	Trust: 1.0
vendor:	huawei	model:	cloudengine 7800	scope:	eq	version:	v200r002c50spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 7800	scope:	eq	version:	v200r003c00spc810	Trust: 1.0
vendor:	huawei	model:	cloudengine 7800	scope:	eq	version:	v200r005c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r003c00spc810	Trust: 1.0
vendor:	huawei	model:	cloudengine 7800	scope:	eq	version:	v200r005c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	v200r002c50spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	v200r005c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r002c50spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r005c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	v200r005c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r002c50spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r005c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r005c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r005c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine v200r002c50spc800	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r003c00spc810	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c00spc800	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c10spc800	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r002c50spc800	scope:	eq	version:	5800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r003c00spc810	scope:	eq	version:	5800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c00spc800	scope:	eq	version:	5800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c10spc800	scope:	eq	version:	5800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r002c50spc800	scope:	eq	version:	7800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r003c00spc810	scope:	eq	version:	7800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c00spc800	scope:	eq	version:	7800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c10spc800	scope:	eq	version:	7800	Trust: 0.6

sources: CNVD: CNVD-2021-36022 // NVD: CVE-2021-22332

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22332
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-36022
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-464
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-22332
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22332
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-36022
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-22332
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-36022 // VULMON: CVE-2021-22332 // CNNVD: CNNVD-202104-464 // NVD: CVE-2021-22332

PROBLEMTYPE DATA

problemtype:

CWE-415

Trust: 1.0

sources: NVD: CVE-2021-22332

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-464

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202104-464

PATCH

title:	Patch for Huawei's multiple product pointers double release loopholes	url:	https://www.cnvd.org.cn/patchInfo/show/265821	Trust: 0.6
title:	Huawei products Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146805	Trust: 0.6

sources: CNVD: CNVD-2021-36022 // CNNVD: CNNVD-202104-464

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22332	Trust: 2.3
db:	CNVD	id:	CNVD-2021-36022	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-464	Trust: 0.6
db:	VULMON	id:	CVE-2021-22332	Trust: 0.1

sources: CNVD: CNVD-2021-36022 // VULMON: CVE-2021-22332 // CNNVD: CNNVD-202104-464 // NVD: CVE-2021-22332

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-doublefree-en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22332	Trust: 1.2
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210407-01-doublefree-cn	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/415.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-36022 // VULMON: CVE-2021-22332 // CNNVD: CNNVD-202104-464 // NVD: CVE-2021-22332

SOURCES

db:	CNVD	id:	CNVD-2021-36022
db:	VULMON	id:	CVE-2021-22332
db:	CNNVD	id:	CNNVD-202104-464
db:	NVD	id:	CVE-2021-22332

LAST UPDATE DATE

2024-11-23T22:29:16.999000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-36022	date:	2021-05-20T00:00:00
db:	VULMON	id:	CVE-2021-22332	date:	2021-05-08T00:00:00
db:	CNNVD	id:	CNNVD-202104-464	date:	2021-05-10T00:00:00
db:	NVD	id:	CVE-2021-22332	date:	2024-11-21T05:49:55.723

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-36022	date:	2021-05-20T00:00:00
db:	VULMON	id:	CVE-2021-22332	date:	2021-04-28T00:00:00
db:	CNNVD	id:	CNNVD-202104-464	date:	2021-04-07T00:00:00
db:	NVD	id:	CVE-2021-22332	date:	2021-04-28T13:15:08.277