Sign-up

ID

VAR-202110-1435


CVE

CVE-2021-22455


TITLE

HarmonyOS  Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-014462

DESCRIPTION

A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause the memory which is not released. HarmonyOS Exists in an integer overflow vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-22455 // JVNDB: JVNDB-2021-014462 // VULHUB: VHN-380890

AFFECTED PRODUCTS

vendor:huaweimodel:harmonyosscope:eqversion:2.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope:eqversion: -

Trust: 0.8

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-014462 // NVD: CVE-2021-22455

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22455
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-22455
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202110-2045
value: MEDIUM

Trust: 0.6

VULHUB: VHN-380890
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-22455
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-380890
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22455
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-22455
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380890 // JVNDB: JVNDB-2021-014462 // CNNVD: CNNVD-202110-2045 // NVD: CVE-2021-22455

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

problemtype:Integer overflow or wraparound (CWE-190) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-380890 // JVNDB: JVNDB-2021-014462 // NVD: CVE-2021-22455

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-2045

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202110-2045

PATCH

title:security-bulletins-202107-0000001123874808url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202107-0000001123874808

Trust: 0.8

title:Huawei HarmonyOS Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171477

Trust: 0.6

sources: JVNDB: JVNDB-2021-014462 // CNNVD: CNNVD-202110-2045

EXTERNAL IDS

db:NVDid:CVE-2021-22455

Trust: 3.3

db:JVNDBid:JVNDB-2021-014462

Trust: 0.8

db:CNNVDid:CNNVD-202110-2045

Trust: 0.6

db:VULHUBid:VHN-380890

Trust: 0.1

sources: VULHUB: VHN-380890 // JVNDB: JVNDB-2021-014462 // CNNVD: CNNVD-202110-2045 // NVD: CVE-2021-22455

REFERENCES

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202107-0000001123874808

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22455

Trust: 0.8

sources: VULHUB: VHN-380890 // JVNDB: JVNDB-2021-014462 // CNNVD: CNNVD-202110-2045 // NVD: CVE-2021-22455

SOURCES

db:VULHUBid:VHN-380890
db:JVNDBid:JVNDB-2021-014462
db:CNNVDid:CNNVD-202110-2045
db:NVDid:CVE-2021-22455

LAST UPDATE DATE

2024-08-14T13:53:52.163000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-380890date:2021-11-02T00:00:00
db:JVNDBid:JVNDB-2021-014462date:2022-10-19T03:59:00
db:CNNVDid:CNNVD-202110-2045date:2021-11-29T00:00:00
db:NVDid:CVE-2021-22455date:2021-11-02T12:35:39.873

SOURCES RELEASE DATE

db:VULHUBid:VHN-380890date:2021-10-28T00:00:00
db:JVNDBid:JVNDB-2021-014462date:2022-10-19T00:00:00
db:CNNVDid:CNNVD-202110-2045date:2021-10-28T00:00:00
db:NVDid:CVE-2021-22455date:2021-10-28T13:15:09.027