exploitDog

CVE-2021-22304

Опубликовано: 06 фев. 2021

Источник: nvd

CVSS3: 3.3

CVSS2: 2.1

EPSS Низкий

Описание

There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service.

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-03-smartphone-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-03-smartphone-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:taurus-al00a_firmware:10.0.0.1\(c00e1r1p1\):*:*:*:*:*:*:*

cpe:2.3:h:huawei:taurus-al00a:-:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.00029

Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-416

Связанные уязвимости

GHSA-fpwv-gp97-jc85

github

больше 3 лет назад

There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service.

EPSS

Процентиль: 8%

0.00029

Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-416