CVE-2021-22327

EUVD-2021-9473

28.04.2021, 12:15

There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 36%

Affected Products (NVD)

Vendor	Product	Version
huawei	p30_firmware	10.0.0.186\(c10e7r5p1\)
huawei	p30_firmware	10.0.0.186\(c461e4r3p1\)
huawei	p30_firmware	10.0.0.188\(c00e85r2p11\)
huawei	p30_firmware	10.0.0.188\(c01e88r2p11\)
huawei	p30_firmware	10.0.0.188\(c605e19r1p3\)
huawei	p30_firmware	10.0.0.190\(c185e4r7p1\)
huawei	p30_firmware	10.0.0.190\(c431e22r2p5\)
huawei	p30_firmware	10.0.0.190\(c432e22r2p5\)
huawei	p30_firmware	10.0.0.190\(c605e19r1p3\)
huawei	p30_firmware	10.0.0.190\(c636e4r3p4\)
huawei	p30_firmware	10.0.0.192\(c635e3r2p4\)

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-smartphone-en