ID

VAR-202112-0252


CVE

CVE-2021-37062


TITLE

Array index validation vulnerability in Huawei smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-016039

DESCRIPTION

There is an Improper Validation of Array Index vulnerability in Huawei smartphones. Successful exploitation of this vulnerability may lead to memory overflow and information leakage. Huawei smartphones contain an array index validation vulnerability. Information may be obtained and a denial-of-service (DoS) condition may result. Huawei HarmonyOS is an operating system from the Chinese company Huawei. It provides a microkernel-based, full-scenario distributed operating system. Huawei HarmonyOS 2.0 has an information disclosure vulnerability.

Trust: 1.71

sources: NVD: CVE-2021-37062 // JVNDB: JVNDB-2021-016039 // VULHUB: VHN-398896

AFFECTED PRODUCTS

vendor: huawei, model: harmonyos, scope: lt, version: 2.0

Trust: 1.0

vendor: huawei, model: harmonyos, scope: -, version: -

Trust: 0.8

vendor: huawei, model: harmonyos, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-016039 // NVD: CVE-2021-37062

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37062
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-37062
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202109-2044
value: CRITICAL

Trust: 0.6

VULHUB: VHN-398896
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-37062
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398896
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37062
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-37062
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398896 // JVNDB: JVNDB-2021-016039 // CNNVD: CNNVD-202109-2044 // NVD: CVE-2021-37062

PROBLEMTYPE DATA

problemtype:CWE-129

Trust: 1.1

problemtype: Improper validation of array indexes (CWE-129) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-398896 // JVNDB: JVNDB-2021-016039 // NVD: CVE-2021-37062

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-2044

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202109-2044

PATCH

title: security-bulletins-202109-0000001196270727
url: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.8

title: Huawei HarmonyOS fix for the input validation error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173518

Trust: 0.6

sources: JVNDB: JVNDB-2021-016039 // CNNVD: CNNVD-202109-2044

EXTERNAL IDS

db: NVD, id: CVE-2021-37062

Trust: 3.3

db: JVNDB, id: JVNDB-2021-016039

Trust: 0.8

db: CNNVD, id: CNNVD-202109-2044

Trust: 0.6

db: CNVD, id: CNVD-2022-47653

Trust: 0.1

db: VULHUB, id: VHN-398896

Trust: 0.1

sources: VULHUB: VHN-398896 // JVNDB: JVNDB-2021-016039 // CNNVD: CNNVD-202109-2044 // NVD: CVE-2021-37062

REFERENCES

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-37062

Trust: 0.8

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.6

sources: VULHUB: VHN-398896 // JVNDB: JVNDB-2021-016039 // CNNVD: CNNVD-202109-2044 // NVD: CVE-2021-37062

SOURCES

db: VULHUB, id: VHN-398896
db: JVNDB, id: JVNDB-2021-016039
db: CNNVD, id: CNNVD-202109-2044
db: NVD, id: CVE-2021-37062

LAST UPDATE DATE

2024-08-14T14:31:29.721000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-398896, date: 2021-12-09T00:00:00
db: JVNDB, id: JVNDB-2021-016039, date: 2022-12-05T07:23:00
db: CNNVD, id: CNNVD-202109-2044, date: 2021-12-09T00:00:00
db: NVD, id: CVE-2021-37062, date: 2021-12-09T17:39:59.487

SOURCES RELEASE DATE

db: VULHUB, id: VHN-398896, date: 2021-12-07T00:00:00
db: JVNDB, id: JVNDB-2021-016039, date: 2022-12-05T00:00:00
db: CNNVD, id: CNNVD-202109-2044, date: 2021-09-05T00:00:00
db: NVD, id: CVE-2021-37062, date: 2021-12-07T17:15:08.677