Vulnerability-Lookup

CVE-2021-37046 (GCVE-0-2021-37046)

Vulnerability from cvelistv5 – Published: 2021-12-07 15:45 – Updated: 2024-08-04 01:09

Summary

There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion.

Severity ?

No CVSS data available.

CWE

Memory leak vulnerability with the codec detection module

Assigner

huawei

References

URL

CNVD-2021-100640

Vulnerability from cnvd - Published: 2021-12-17

Title

Huawei Emui和Magic UI编解码器检测模块内存泄露漏洞

Description

Huawei Emui是一款基于Android开发的移动端操作系统。Magic Ui是一款基于Android开发的移动端操作系统。 Huawei Emui和Magic UI编解码器检测模块存在内存泄露漏洞。攻击者可利用该漏洞造成设备内存耗尽从而重新启动。

Severity

高

Patch Name

Huawei Emui和Magic UI编解码器检测模块内存泄露漏洞的补丁

Patch Description

Huawei Emui是一款基于Android开发的移动端操作系统。Magic Ui是一款基于Android开发的移动端操作系统。 Huawei Emui和Magic UI编解码器检测模块存在内存泄露漏洞。攻击者可利用该漏洞造成设备内存耗尽从而重新启动。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://consumer.huawei.com/en/support/bulletin/2021/9/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-37046

Impacted products

Name
['Huawei EMUI 11.0.0', 'Huawei Magic UI 4.0.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-37046",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-37046"
    }
  },
  "description": "Huawei Emui\u662f\u4e00\u6b3e\u57fa\u4e8eAndroid\u5f00\u53d1\u7684\u79fb\u52a8\u7aef\u64cd\u4f5c\u7cfb\u7edf\u3002Magic Ui\u662f\u4e00\u6b3e\u57fa\u4e8eAndroid\u5f00\u53d1\u7684\u79fb\u52a8\u7aef\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nHuawei Emui\u548cMagic UI\u7f16\u89e3\u7801\u5668\u68c0\u6d4b\u6a21\u5757\u5b58\u5728\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u8bbe\u5907\u5185\u5b58\u8017\u5c3d\u4ece\u800c\u91cd\u65b0\u542f\u52a8\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a  https://consumer.huawei.com/en/support/bulletin/2021/9/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-100640",
  "openTime": "2021-12-17",
  "patchDescription": "Huawei Emui\u662f\u4e00\u6b3e\u57fa\u4e8eAndroid\u5f00\u53d1\u7684\u79fb\u52a8\u7aef\u64cd\u4f5c\u7cfb\u7edf\u3002Magic Ui\u662f\u4e00\u6b3e\u57fa\u4e8eAndroid\u5f00\u53d1\u7684\u79fb\u52a8\u7aef\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nHuawei Emui\u548cMagic UI\u7f16\u89e3\u7801\u5668\u68c0\u6d4b\u6a21\u5757\u5b58\u5728\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u8bbe\u5907\u5185\u5b58\u8017\u5c3d\u4ece\u800c\u91cd\u65b0\u542f\u52a8\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei Emui\u548cMagic UI\u7f16\u89e3\u7801\u5668\u68c0\u6d4b\u6a21\u5757\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei EMUI 11.0.0",
      "Huawei Magic UI 4.0.0"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-37046",
  "serverity": "\u9ad8",
  "submitTime": "2021-12-08",
  "title": "Huawei Emui\u548cMagic UI\u7f16\u89e3\u7801\u5668\u68c0\u6d4b\u6a21\u5757\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e"
}

GSD-2021-37046

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion.

Aliases

CVE-2021-37046

Aliases

CVE-2021-37046

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-37046",
    "description": "There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion.",
    "id": "GSD-2021-37046"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-37046"
      ],
      "details": "There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion.",
      "id": "GSD-2021-37046",
      "modified": "2023-12-13T01:23:09.880376Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2021-37046",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "EMUI",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "11.0.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Magic UI",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "4.0.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Huawei"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Memory leak vulnerability with the codec detection module"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://consumer.huawei.com/en/support/bulletin/2021/9/",
            "refsource": "MISC",
            "url": "https://consumer.huawei.com/en/support/bulletin/2021/9/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:huawei:emui:11.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:huawei:magic_ui:4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2021-37046"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-401"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://consumer.huawei.com/en/support/bulletin/2021/9/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://consumer.huawei.com/en/support/bulletin/2021/9/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-12-07T19:43Z",
      "publishedDate": "2021-12-07T16:15Z"
    }
  }
}

VAR-202112-0135

Vulnerability from variot - Updated: 2024-08-14 15:27

There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion. Huawei A vulnerability related to lack of freeing memory after expiration exists in smartphone products.Service operation interruption (DoS) It may be in a state

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0135",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "emui",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "11.0.0"
      },
      {
        "model": "magic ui",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "4.0.0"
      },
      {
        "model": "emui",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "magic ui",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015793"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37046"
      }
    ]
  },
  "cve": "CVE-2021-37046",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-37046",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-398879",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-37046",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-37046",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-37046",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-37046",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202112-463",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-398879",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398879"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015793"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-463"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37046"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion. Huawei A vulnerability related to lack of freeing memory after expiration exists in smartphone products.Service operation interruption (DoS) It may be in a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-37046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015793"
      },
      {
        "db": "VULHUB",
        "id": "VHN-398879"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-37046",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015793",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-463",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-398879",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398879"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015793"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-463"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37046"
      }
    ]
  },
  "id": "VAR-202112-0135",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398879"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T15:27:33.816000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HUAWEI\u00a0EMUI/Magic\u00a0UI\u00a0security\u00a0updates\u00a0September\u00a02021",
        "trust": 0.8,
        "url": "https://consumer.huawei.com/en/support/bulletin/2021/9/"
      },
      {
        "title": "Huawei Smartphone Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173135"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015793"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-463"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-401",
        "trust": 1.1
      },
      {
        "problemtype": "Lack of memory release after expiration (CWE-401) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398879"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015793"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37046"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://consumer.huawei.com/en/support/bulletin/2021/9/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37046"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398879"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015793"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-463"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37046"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-398879"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015793"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-463"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37046"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-398879"
      },
      {
        "date": "2022-11-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-015793"
      },
      {
        "date": "2021-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-463"
      },
      {
        "date": "2021-12-07T16:15:07.497000",
        "db": "NVD",
        "id": "CVE-2021-37046"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-398879"
      },
      {
        "date": "2022-11-30T04:57:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-015793"
      },
      {
        "date": "2021-12-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-463"
      },
      {
        "date": "2021-12-07T19:43:55.347000",
        "db": "NVD",
        "id": "CVE-2021-37046"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-463"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei\u00a0 Vulnerability related to lack of memory release after expiration in smartphone products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015793"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-463"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2021-37046

Vulnerability from fkie_nvd - Published: 2021-12-07 16:15 - Updated: 2024-11-21 06:14

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion.

References

	URL	Tags
	psirt@huawei.com	https://consumer.huawei.com/en/support/bulletin/2021/9/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://consumer.huawei.com/en/support/bulletin/2021/9/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	huawei	emui	11.0.0
	huawei	magic_ui	4.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:emui:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B701EC6-8208-4D22-95A6-B07D471A8A8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:magic_ui:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6066FAB-23F5-4CB2-B89E-B00F8835AC39",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de p\u00e9rdida de Memoria en el m\u00f3dulo de detecci\u00f3n de c\u00f3decs en el Smartphone de Huawei. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad puede causar el reinicio del dispositivo debido al agotamiento de la memoria"
    }
  ],
  "id": "CVE-2021-37046",
  "lastModified": "2024-11-21T06:14:33.203",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-07T16:15:07.497",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://consumer.huawei.com/en/support/bulletin/2021/9/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://consumer.huawei.com/en/support/bulletin/2021/9/"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-5VP7-VVX6-J367

Vulnerability from github – Published: 2021-12-08 00:01 – Updated: 2021-12-08 00:01

Details

There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-37046"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-07T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion.",
  "id": "GHSA-5vp7-vvx6-j367",
  "modified": "2021-12-08T00:01:26Z",
  "published": "2021-12-08T00:01:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37046"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2021/9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-37046 (GCVE-0-2021-37046)

CNVD-2021-100640

GSD-2021-37046

VAR-202112-0135

FKIE_CVE-2021-37046

GHSA-5VP7-VVX6-J367

Tags

Sightings

Nomenclature