Details of VAR-202108-0288

ID

VAR-202108-0288

CVE

CVE-2021-22422

TITLE

HarmonyOS Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-009365

DESCRIPTION

A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. HarmonyOS Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.8

sources: NVD: CVE-2021-22422 // JVNDB: JVNDB-2021-009365 // VULHUB: VHN-380857 // VULMON: CVE-2021-22422

AFFECTED PRODUCTS

vendor:	huawei	model:	harmonyos	scope:	eq	version:	2.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	harmonyos	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-009365 // NVD: CVE-2021-22422

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22422
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-22422
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202108-320
value:	HIGH
Trust: 0.6
VULHUB:	VHN-380857
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-22422
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-22422
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-380857
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-22422
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22422
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380857 // VULMON: CVE-2021-22422 // JVNDB: JVNDB-2021-009365 // CNNVD: CNNVD-202108-320 // NVD: CVE-2021-22422

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.1
problemtype:	Integer overflow or wraparound (CWE-190) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-380857 // JVNDB: JVNDB-2021-009365 // NVD: CVE-2021-22422

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-320

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202108-320

PATCH

title:	Keisei Expectations	url:	https://device.harmonyos.com/cn/docs/security/update/oem_security_update_phone_202106-0000001165452077	Trust: 0.8
title:	Huawei HarmonyOS Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159650	Trust: 0.6

sources: JVNDB: JVNDB-2021-009365 // CNNVD: CNNVD-202108-320

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22422	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-009365	Trust: 0.8
db:	CNNVD	id:	CNNVD-202108-320	Trust: 0.6
db:	VULHUB	id:	VHN-380857	Trust: 0.1
db:	VULMON	id:	CVE-2021-22422	Trust: 0.1

sources: VULHUB: VHN-380857 // VULMON: CVE-2021-22422 // JVNDB: JVNDB-2021-009365 // CNNVD: CNNVD-202108-320 // NVD: CVE-2021-22422

REFERENCES

url:	https://device.harmonyos.com/cn/docs/security/update/oem_security_update_phone_202106-0000001165452077	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22422	Trust: 1.4
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202106-0000001165452077	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/190.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-380857 // VULMON: CVE-2021-22422 // JVNDB: JVNDB-2021-009365 // CNNVD: CNNVD-202108-320 // NVD: CVE-2021-22422

SOURCES

db:	VULHUB	id:	VHN-380857
db:	VULMON	id:	CVE-2021-22422
db:	JVNDB	id:	JVNDB-2021-009365
db:	CNNVD	id:	CNNVD-202108-320
db:	NVD	id:	CVE-2021-22422

LAST UPDATE DATE

2024-08-14T14:18:24.477000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380857	date:	2021-08-11T00:00:00
db:	VULMON	id:	CVE-2021-22422	date:	2021-08-11T00:00:00
db:	JVNDB	id:	JVNDB-2021-009365	date:	2022-04-21T08:43:00
db:	CNNVD	id:	CNNVD-202108-320	date:	2021-11-29T00:00:00
db:	NVD	id:	CVE-2021-22422	date:	2021-08-11T13:32:37.243

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380857	date:	2021-08-03T00:00:00
db:	VULMON	id:	CVE-2021-22422	date:	2021-08-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-009365	date:	2022-04-21T00:00:00
db:	CNNVD	id:	CNNVD-202108-320	date:	2021-08-03T00:00:00
db:	NVD	id:	CVE-2021-22422	date:	2021-08-03T18:15:08.193