Details of VAR-202110-1479

ID

VAR-202110-1479

CVE

CVE-2021-36997

TITLE

Huawei Vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-014261

DESCRIPTION

There is a Low memory error in Huawei Smartphone due to the unlimited size of images to be parsed.Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly. Huawei Smartphones have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-36997 // JVNDB: JVNDB-2021-014261 // VULHUB: VHN-398830

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-014261 // NVD: CVE-2021-36997

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-36997
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-36997
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202110-2096
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-398830
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-36997
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398830
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-36997
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-36997
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398830 // JVNDB: JVNDB-2021-014261 // CNNVD: CNNVD-202110-2096 // NVD: CVE-2021-36997

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-014261 // NVD: CVE-2021-36997

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-2096

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-2096

PATCH

title:	CVE-2021-36997	url:	https://consumer.huawei.com/en/support/bulletin/2021/7/	Trust: 0.8
title:	Huawei HarmonyOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171622	Trust: 0.6

sources: JVNDB: JVNDB-2021-014261 // CNNVD: CNNVD-202110-2096

EXTERNAL IDS

db:	NVD	id:	CVE-2021-36997	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-014261	Trust: 0.8
db:	CNNVD	id:	CNNVD-202110-2096	Trust: 0.6
db:	VULHUB	id:	VHN-398830	Trust: 0.1

sources: VULHUB: VHN-398830 // JVNDB: JVNDB-2021-014261 // CNNVD: CNNVD-202110-2096 // NVD: CVE-2021-36997

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2021/7/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36997	Trust: 1.4
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202108-0000001180965965	Trust: 0.6

sources: VULHUB: VHN-398830 // JVNDB: JVNDB-2021-014261 // CNNVD: CNNVD-202110-2096 // NVD: CVE-2021-36997

SOURCES

db:	VULHUB	id:	VHN-398830
db:	JVNDB	id:	JVNDB-2021-014261
db:	CNNVD	id:	CNNVD-202110-2096
db:	NVD	id:	CVE-2021-36997

LAST UPDATE DATE

2024-08-14T15:01:17.626000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398830	date:	2021-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-014261	date:	2022-10-11T08:42:00
db:	CNNVD	id:	CNNVD-202110-2096	date:	2021-11-29T00:00:00
db:	NVD	id:	CVE-2021-36997	date:	2021-11-01T21:24:27.103

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398830	date:	2021-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-014261	date:	2022-10-11T00:00:00
db:	CNNVD	id:	CNNVD-202110-2096	date:	2021-10-28T00:00:00
db:	NVD	id:	CVE-2021-36997	date:	2021-10-28T13:15:10.873