CVE-2021-22303
Severity Score
3.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal service.
Se presenta una vulnerabilidad de doble liberación de puntero en Taurus-AL00A versión 10.0.0.1(C00E1R1P1). Se presenta una falta de protección entre múltiples subprocesos cuando es llamada una función. Unos atacantes pueden explotar esta vulnerabilidad al llevar a cabo una operación maliciosa para causar una doble liberación de puntero. Esto puede causar un bloqueo del módulo, comprometiendo el servicio normal
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-05 CVE Reserved
- 2021-02-06 CVE Published
- 2023-10-22 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-415: Double Free
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-02-smartphone-en | 2021-02-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Huawei Search vendor "Huawei" | Taurus-al00a Firmware Search vendor "Huawei" for product "Taurus-al00a Firmware" | 10.0.0.1\(c00e1r1p1\) Search vendor "Huawei" for product "Taurus-al00a Firmware" and version "10.0.0.1\(c00e1r1p1\)" | - |
Affected
| in | Huawei Search vendor "Huawei" | Taurus-al00a Search vendor "Huawei" for product "Taurus-al00a" | - | - |
Safe
|