Details of VAR-202209-1235

ID

VAR-202209-1235

CVE

CVE-2022-39003

TITLE

Huawei of EMUI and Magic UI Classic buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-017591

DESCRIPTION

Buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability will affect the confidentiality and integrity of trusted components. Huawei of EMUI and Magic UI Exists in a classic buffer overflow vulnerability.Information may be obtained and information may be tampered with

Trust: 1.8

sources: NVD: CVE-2022-39003 // JVNDB: JVNDB-2022-017591 // VULHUB: VHN-434774 // VULMON: CVE-2022-39003

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-017591 // NVD: CVE-2022-39003

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-39003
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-39003
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202209-1276
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2022-39003
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2022-39003
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-017591 // CNNVD: CNNVD-202209-1276 // NVD: CVE-2022-39003

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.1
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-434774 // JVNDB: JVNDB-2022-017591 // NVD: CVE-2022-39003

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-1276

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-1276

PATCH

title:

Huawei EMUI Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=208631

Trust: 0.6

sources: CNNVD: CNNVD-202209-1276

EXTERNAL IDS

db:	NVD	id:	CVE-2022-39003	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-017591	Trust: 0.8
db:	CNNVD	id:	CNNVD-202209-1276	Trust: 0.6
db:	VULHUB	id:	VHN-434774	Trust: 0.1
db:	VULMON	id:	CVE-2022-39003	Trust: 0.1

sources: VULHUB: VHN-434774 // VULMON: CVE-2022-39003 // JVNDB: JVNDB-2022-017591 // CNNVD: CNNVD-202209-1276 // NVD: CVE-2022-39003

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2022/9/	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-39003	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-39003/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-434774 // VULMON: CVE-2022-39003 // JVNDB: JVNDB-2022-017591 // CNNVD: CNNVD-202209-1276 // NVD: CVE-2022-39003

SOURCES

db:	VULHUB	id:	VHN-434774
db:	VULMON	id:	CVE-2022-39003
db:	JVNDB	id:	JVNDB-2022-017591
db:	CNNVD	id:	CNNVD-202209-1276
db:	NVD	id:	CVE-2022-39003

LAST UPDATE DATE

2024-08-14T13:42:26.184000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-434774	date:	2022-09-21T00:00:00
db:	VULMON	id:	CVE-2022-39003	date:	2022-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-017591	date:	2023-10-13T08:43:00
db:	CNNVD	id:	CNNVD-202209-1276	date:	2022-09-22T00:00:00
db:	NVD	id:	CVE-2022-39003	date:	2022-09-21T12:40:40.990

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-434774	date:	2022-09-16T00:00:00
db:	VULMON	id:	CVE-2022-39003	date:	2022-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-017591	date:	2023-10-13T00:00:00
db:	CNNVD	id:	CNNVD-202209-1276	date:	2022-09-16T00:00:00
db:	NVD	id:	CVE-2022-39003	date:	2022-09-16T18:15:18.013