ID

VAR-202109-1958


CVE

CVE-2021-22480


TITLE

Integer overflow vulnerability in HarmonyOS

Trust: 0.8

sources: JVNDB: JVNDB-2021-018972

DESCRIPTION

The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow. An integer overflow vulnerability exists in HarmonyOS. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2021-22480 // JVNDB: JVNDB-2021-018972 // VULHUB: VHN-380915

AFFECTED PRODUCTS

vendor: huawei // model: harmonyos // scope: lt // version: 2.0

Trust: 1.0

vendor: huawei // model: harmonyos // scope: eq // version: -

Trust: 0.8

vendor: huawei // model: harmonyos // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-018972 // NVD: CVE-2021-22480

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22480
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-22480
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202109-2054
value: CRITICAL

Trust: 0.6

VULHUB: VHN-380915
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-22480
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-380915
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22480
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-22480
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380915 // JVNDB: JVNDB-2021-018972 // CNNVD: CNNVD-202109-2054 // NVD: CVE-2021-22480

PROBLEMTYPE DATA

problemtype: CWE-190

Trust: 1.1

problemtype: Integer overflow or wraparound (CWE-190) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-380915 // JVNDB: JVNDB-2021-018972 // NVD: CVE-2021-22480

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-2054

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202109-2054

PATCH

title: security-bulletins-202109-0000001196270727 // url: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.8

title: Huawei HarmonyOS Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171912

Trust: 0.6

sources: JVNDB: JVNDB-2021-018972 // CNNVD: CNNVD-202109-2054

EXTERNAL IDS

db: NVD // id: CVE-2021-22480

Trust: 3.3

db: JVNDB // id: JVNDB-2021-018972

Trust: 0.8

db: CNNVD // id: CNNVD-202109-2054

Trust: 0.6

db: VULHUB // id: VHN-380915

Trust: 0.1

sources: VULHUB: VHN-380915 // JVNDB: JVNDB-2021-018972 // CNNVD: CNNVD-202109-2054 // NVD: CVE-2021-22480

REFERENCES

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-22480

Trust: 0.8

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2021-22480/

Trust: 0.6

sources: VULHUB: VHN-380915 // JVNDB: JVNDB-2021-018972 // CNNVD: CNNVD-202109-2054 // NVD: CVE-2021-22480

SOURCES

db: VULHUB // id: VHN-380915
db: JVNDB // id: JVNDB-2021-018972
db: CNNVD // id: CNNVD-202109-2054
db: NVD // id: CVE-2021-22480

LAST UPDATE DATE

2024-08-14T14:50:06.540000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-380915 // date: 2022-03-08T00:00:00
db: JVNDB // id: JVNDB-2021-018972 // date: 2023-07-12T07:27:00
db: CNNVD // id: CNNVD-202109-2054 // date: 2022-03-11T00:00:00
db: NVD // id: CVE-2021-22480 // date: 2022-03-08T13:51:37.170

SOURCES RELEASE DATE

db: VULHUB // id: VHN-380915 // date: 2022-02-25T00:00:00
db: JVNDB // id: JVNDB-2021-018972 // date: 2023-07-12T00:00:00
db: CNNVD // id: CNNVD-202109-2054 // date: 2021-09-05T00:00:00
db: NVD // id: CVE-2021-22480 // date: 2022-02-25T19:15:11.207