Details of VAR-202112-0252

ID

VAR-202112-0252

CVE

CVE-2021-37062

TITLE

Huawei Vulnerability related to array index validation in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-016039

DESCRIPTION

There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory overflow and information leakage. Huawei Smartphones contain an array index validation vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. Huawei HarmonyOS 2.0 has an information disclosure vulnerability

Trust: 1.71

sources: NVD: CVE-2021-37062 // JVNDB: JVNDB-2021-016039 // VULHUB: VHN-398896

AFFECTED PRODUCTS

vendor:	huawei	model:	harmonyos	scope:	lt	version:	2.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	harmonyos	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-016039 // NVD: CVE-2021-37062

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-37062
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-37062
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202109-2044
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-398896
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-37062
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398896
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-37062
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-37062
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398896 // JVNDB: JVNDB-2021-016039 // CNNVD: CNNVD-202109-2044 // NVD: CVE-2021-37062

PROBLEMTYPE DATA

problemtype:	CWE-129	Trust: 1.1
problemtype:	Improper validation of array indexes (CWE-129) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-398896 // JVNDB: JVNDB-2021-016039 // NVD: CVE-2021-37062

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-2044

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202109-2044

PATCH

title:	security-bulletins-202109-0000001196270727	url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727	Trust: 0.8
title:	Huawei HarmonyOS Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173518	Trust: 0.6

sources: JVNDB: JVNDB-2021-016039 // CNNVD: CNNVD-202109-2044

EXTERNAL IDS

db:	NVD	id:	CVE-2021-37062	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-016039	Trust: 0.8
db:	CNNVD	id:	CNNVD-202109-2044	Trust: 0.6
db:	CNVD	id:	CNVD-2022-47653	Trust: 0.1
db:	VULHUB	id:	VHN-398896	Trust: 0.1

sources: VULHUB: VHN-398896 // JVNDB: JVNDB-2021-016039 // CNNVD: CNNVD-202109-2044 // NVD: CVE-2021-37062

REFERENCES

url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37062	Trust: 0.8
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727	Trust: 0.6

sources: VULHUB: VHN-398896 // JVNDB: JVNDB-2021-016039 // CNNVD: CNNVD-202109-2044 // NVD: CVE-2021-37062

SOURCES

db:	VULHUB	id:	VHN-398896
db:	JVNDB	id:	JVNDB-2021-016039
db:	CNNVD	id:	CNNVD-202109-2044
db:	NVD	id:	CVE-2021-37062

LAST UPDATE DATE

2024-08-14T14:31:29.721000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398896	date:	2021-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-016039	date:	2022-12-05T07:23:00
db:	CNNVD	id:	CNNVD-202109-2044	date:	2021-12-09T00:00:00
db:	NVD	id:	CVE-2021-37062	date:	2021-12-09T17:39:59.487

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398896	date:	2021-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-016039	date:	2022-12-05T00:00:00
db:	CNNVD	id:	CNNVD-202109-2044	date:	2021-09-05T00:00:00
db:	NVD	id:	CVE-2021-37062	date:	2021-12-07T17:15:08.677