CVE-2021-22304
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service.
Se presenta una vulnerabilidad de uso de la memoria previamente liberada en Taurus-AL00A versión 10.0.0.1(C00E1R1P1). Un módulo puede hacer referencia a alguna memoria después de haberla liberado mientras se ocupa de algunos mensajes. Los atacantes pueden explotar esta vulnerabilidad mediante el envío de un mensaje específico al módulo afectado. Esto puede conllevar a un bloqueo del módulo, comprometiendo el servicio normal
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-05 CVE Reserved
- 2021-02-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-03-smartphone-en | 2021-02-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Huawei Search vendor "Huawei" | Taurus-al00a Firmware Search vendor "Huawei" for product "Taurus-al00a Firmware" | 10.0.0.1\(c00e1r1p1\) Search vendor "Huawei" for product "Taurus-al00a Firmware" and version "10.0.0.1\(c00e1r1p1\)" | - |
Affected
| in | Huawei Search vendor "Huawei" | Taurus-al00a Search vendor "Huawei" for product "Taurus-al00a" | - | - |
Safe
|