Vulnerability-Lookup

CVE-2021-37062 (GCVE-0-2021-37062)

Vulnerability from cvelistv5 – Published: 2021-12-07 16:02 – Updated: 2024-08-04 01:09

Summary

There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory overflow and information leakage.

Severity ?

No CVSS data available.

CWE

Improper Validation of Array Index vulnerability

Assigner

huawei

References

URL

	Vendor	Product	Version
	Huawei	HarmonyOS	Affected: 2.0

FKIE_CVE-2021-37062

Vulnerability from fkie_nvd - Published: 2021-12-07 17:15 - Updated: 2024-11-21 06:14

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Summary

There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory overflow and information leakage.

References

	URL	Tags
	psirt@huawei.com	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727	Vendor Advisory

Impacted products

	Vendor	Product	Version
	huawei	harmonyos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:harmonyos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84A0CF45-FF48-42DF-9063-34AB6CA4FE12",
              "versionEndExcluding": "2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory overflow and information leakage."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de Comprobaci\u00f3n Inapropiada de \u00cdndices de Matriz en el Smartphone de Huawei. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad puede conllevar a un desbordamiento de memoria y filtrado de informaci\u00f3n"
    }
  ],
  "id": "CVE-2021-37062",
  "lastModified": "2024-11-21T06:14:34.910",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-07T17:15:08.677",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-129"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2021-37062

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory overflow and information leakage.

Aliases

CVE-2021-37062

Aliases

CVE-2021-37062

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-37062",
    "description": "There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory overflow and information leakage.",
    "id": "GSD-2021-37062"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-37062"
      ],
      "details": "There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory overflow and information leakage.",
      "id": "GSD-2021-37062",
      "modified": "2023-12-13T01:23:10.196679Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2021-37062",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "HarmonyOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "2.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Huawei"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory overflow and information leakage."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Validation of Array Index vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727",
            "refsource": "MISC",
            "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:huawei:harmonyos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2021-37062"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory overflow and information leakage."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-129"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2021-12-09T17:39Z",
      "publishedDate": "2021-12-07T17:15Z"
    }
  }
}

CNVD-2022-47653

Vulnerability from cnvd - Published: 2022-06-24

Title

Huawei HarmonyOS信息泄露漏洞

Description

Huawei HarmonyOS是中国华为（Huawei）公司的一个操作系统。提供一个基于微内核的全场景分布式操作系统。 Huawei HarmonyOS 2.0版本存在信息泄露漏洞。该漏洞源于Kernel模块中未对Array Index进行正确验证。攻击者可利用该漏洞导致内存溢出或信息泄漏。

Severity

中

Patch Name

Huawei HarmonyOS信息泄露漏洞的补丁

Patch Description

Huawei HarmonyOS是中国华为（Huawei）公司的一个操作系统。提供一个基于微内核的全场景分布式操作系统。 Huawei HarmonyOS 2.0版本存在信息泄露漏洞。该漏洞源于Kernel模块中未对Array Index进行正确验证。攻击者可利用该漏洞导致内存溢出或信息泄漏。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-37062

Impacted products

Name
Huawei HarmonyOS <2.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-37062",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-37062"
    }
  },
  "description": "Huawei HarmonyOS\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002\u63d0\u4f9b\u4e00\u4e2a\u57fa\u4e8e\u5fae\u5185\u6838\u7684\u5168\u573a\u666f\u5206\u5e03\u5f0f\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nHuawei HarmonyOS 2.0\u7248\u672c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eKernel\u6a21\u5757\u4e2d\u672a\u5bf9Array Index\u8fdb\u884c\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5185\u5b58\u6ea2\u51fa\u6216\u4fe1\u606f\u6cc4\u6f0f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-47653",
  "openTime": "2022-06-24",
  "patchDescription": "Huawei HarmonyOS\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002\u63d0\u4f9b\u4e00\u4e2a\u57fa\u4e8e\u5fae\u5185\u6838\u7684\u5168\u573a\u666f\u5206\u5e03\u5f0f\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nHuawei HarmonyOS 2.0\u7248\u672c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eKernel\u6a21\u5757\u4e2d\u672a\u5bf9Array Index\u8fdb\u884c\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5185\u5b58\u6ea2\u51fa\u6216\u4fe1\u606f\u6cc4\u6f0f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei HarmonyOS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Huawei HarmonyOS \u003c2.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-37062",
  "serverity": "\u4e2d",
  "submitTime": "2022-05-05",
  "title": "Huawei HarmonyOS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

VAR-202112-0252

Vulnerability from variot - Updated: 2024-08-14 14:31

There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory overflow and information leakage. Huawei Smartphones contain an array index validation vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. Huawei HarmonyOS 2.0 has an information disclosure vulnerability

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0252",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "harmonyos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "2.0"
      },
      {
        "model": "harmonyos",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "harmonyos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016039"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37062"
      }
    ]
  },
  "cve": "CVE-2021-37062",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-37062",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-398896",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-37062",
            "impactScore": 5.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-37062",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-37062",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-37062",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202109-2044",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-398896",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398896"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-2044"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37062"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory overflow and information leakage. Huawei Smartphones contain an array index validation vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. Huawei HarmonyOS 2.0 has an information disclosure vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-37062"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016039"
      },
      {
        "db": "VULHUB",
        "id": "VHN-398896"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-37062",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016039",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-2044",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-47653",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-398896",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398896"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-2044"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37062"
      }
    ]
  },
  "id": "VAR-202112-0252",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398896"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T14:31:29.721000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "security-bulletins-202109-0000001196270727",
        "trust": 0.8,
        "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727"
      },
      {
        "title": "Huawei HarmonyOS Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173518"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-2044"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-129",
        "trust": 1.1
      },
      {
        "problemtype": "Improper validation of array indexes (CWE-129) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398896"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016039"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37062"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37062"
      },
      {
        "trust": 0.6,
        "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398896"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-2044"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37062"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-398896"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-2044"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37062"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-398896"
      },
      {
        "date": "2022-12-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-016039"
      },
      {
        "date": "2021-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-2044"
      },
      {
        "date": "2021-12-07T17:15:08.677000",
        "db": "NVD",
        "id": "CVE-2021-37062"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-398896"
      },
      {
        "date": "2022-12-05T07:23:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-016039"
      },
      {
        "date": "2021-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-2044"
      },
      {
        "date": "2021-12-09T17:39:59.487000",
        "db": "NVD",
        "id": "CVE-2021-37062"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-2044"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei\u00a0 Vulnerability related to array index validation in smartphones",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016039"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-2044"
      }
    ],
    "trust": 0.6
  }
}

GHSA-HPMH-GXFC-P35H

Vulnerability from github – Published: 2021-12-08 00:01 – Updated: 2021-12-09 00:01

Details

There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory overflow and information leakage.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-37062"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-129"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-07T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory overflow and information leakage.",
  "id": "GHSA-hpmh-gxfc-p35h",
  "modified": "2021-12-09T00:01:38Z",
  "published": "2021-12-08T00:01:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37062"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-37062 (GCVE-0-2021-37062)

FKIE_CVE-2021-37062

GSD-2021-37062

CNVD-2022-47653

VAR-202112-0252

GHSA-HPMH-GXFC-P35H

Tags

Sightings

Nomenclature