Details of VAR-202110-1460

ID

VAR-202110-1460

CVE

CVE-2021-22451

TITLE

HarmonyOS Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-014241

DESCRIPTION

A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. HarmonyOS Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-22451 // JVNDB: JVNDB-2021-014241 // VULHUB: VHN-380886

AFFECTED PRODUCTS

vendor:	huawei	model:	harmonyos	scope:	eq	version:	2.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-014241 // NVD: CVE-2021-22451

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22451
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-22451
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202110-2041
value:	HIGH
Trust: 0.6
VULHUB:	VHN-380886
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22451
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-380886
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-22451
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22451
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380886 // JVNDB: JVNDB-2021-014241 // CNNVD: CNNVD-202110-2041 // NVD: CVE-2021-22451

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.1
problemtype:	Integer overflow or wraparound (CWE-190) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-380886 // JVNDB: JVNDB-2021-014241 // NVD: CVE-2021-22451

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-2041

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202110-2041

PATCH

title:	security-bulletins-202107-0000001123874808	url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202107-0000001123874808	Trust: 0.8
title:	Huawei HarmonyOS Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168086	Trust: 0.6

sources: JVNDB: JVNDB-2021-014241 // CNNVD: CNNVD-202110-2041

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22451	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-014241	Trust: 0.8
db:	CNNVD	id:	CNNVD-202110-2041	Trust: 0.6
db:	VULHUB	id:	VHN-380886	Trust: 0.1

sources: VULHUB: VHN-380886 // JVNDB: JVNDB-2021-014241 // CNNVD: CNNVD-202110-2041 // NVD: CVE-2021-22451

REFERENCES

url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202107-0000001123874808	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22451	Trust: 0.8

sources: VULHUB: VHN-380886 // JVNDB: JVNDB-2021-014241 // CNNVD: CNNVD-202110-2041 // NVD: CVE-2021-22451

SOURCES

db:	VULHUB	id:	VHN-380886
db:	JVNDB	id:	JVNDB-2021-014241
db:	CNNVD	id:	CNNVD-202110-2041
db:	NVD	id:	CVE-2021-22451

LAST UPDATE DATE

2024-08-14T14:37:51.008000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380886	date:	2021-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-014241	date:	2022-10-11T07:46:00
db:	CNNVD	id:	CNNVD-202110-2041	date:	2021-11-29T00:00:00
db:	NVD	id:	CVE-2021-22451	date:	2021-11-01T18:56:05.770

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380886	date:	2021-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-014241	date:	2022-10-11T00:00:00
db:	CNNVD	id:	CNNVD-202110-2041	date:	2021-10-28T00:00:00
db:	NVD	id:	CVE-2021-22451	date:	2021-10-28T13:15:08.860