ID

VAR-202112-0258


CVE

CVE-2021-37014


TITLE

Huawei  Integer overflow vulnerability in smartphone products

Trust: 0.8

sources: JVNDB: JVNDB-2021-015761

DESCRIPTION

There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to device cannot be used properly. Huawei Smartphone products contain an integer overflow vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-37014 // JVNDB: JVNDB-2021-015761 // VULHUB: VHN-398846

AFFECTED PRODUCTS

vendor:huaweimodel:harmonyosscope:ltversion:2.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope:eqversion: -

Trust: 0.8

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015761 // NVD: CVE-2021-37014

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37014
value: HIGH

Trust: 1.0

NVD: CVE-2021-37014
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202109-2051
value: HIGH

Trust: 0.6

VULHUB: VHN-398846
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-37014
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398846
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37014
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-37014
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398846 // JVNDB: JVNDB-2021-015761 // CNNVD: CNNVD-202109-2051 // NVD: CVE-2021-37014

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Integer overflow or wraparound (CWE-190) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-190

Trust: 0.1

sources: VULHUB: VHN-398846 // JVNDB: JVNDB-2021-015761 // NVD: CVE-2021-37014

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-2051

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202109-2051

PATCH

title:security-bulletins-202109-0000001196270727url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.8

title:Huawei HarmonyOS Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173231

Trust: 0.6

sources: JVNDB: JVNDB-2021-015761 // CNNVD: CNNVD-202109-2051

EXTERNAL IDS

db:NVDid:CVE-2021-37014

Trust: 3.3

db:JVNDBid:JVNDB-2021-015761

Trust: 0.8

db:CNNVDid:CNNVD-202109-2051

Trust: 0.6

db:VULHUBid:VHN-398846

Trust: 0.1

sources: VULHUB: VHN-398846 // JVNDB: JVNDB-2021-015761 // CNNVD: CNNVD-202109-2051 // NVD: CVE-2021-37014

REFERENCES

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-37014

Trust: 0.8

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.6

sources: VULHUB: VHN-398846 // JVNDB: JVNDB-2021-015761 // CNNVD: CNNVD-202109-2051 // NVD: CVE-2021-37014

SOURCES

db:VULHUBid:VHN-398846
db:JVNDBid:JVNDB-2021-015761
db:CNNVDid:CNNVD-202109-2051
db:NVDid:CVE-2021-37014

LAST UPDATE DATE

2024-08-14T14:50:03.484000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398846date:2021-12-09T00:00:00
db:JVNDBid:JVNDB-2021-015761date:2022-11-30T01:47:00
db:CNNVDid:CNNVD-202109-2051date:2021-12-08T00:00:00
db:NVDid:CVE-2021-37014date:2023-08-08T14:21:49.707

SOURCES RELEASE DATE

db:VULHUBid:VHN-398846date:2021-12-07T00:00:00
db:JVNDBid:JVNDB-2021-015761date:2022-11-30T00:00:00
db:CNNVDid:CNNVD-202109-2051date:2021-09-05T00:00:00
db:NVDid:CVE-2021-37014date:2021-12-07T17:15:08.260