Lucene search

[email protected]CVE-2022-34739

HistoryJul 12, 2022 - 2:15 p.m.

CVE-2022-34739

2022-07-1214:15:19

[email protected]

web.nvd.nist.gov

cve-2022-34739

fingerprint

module

vulnerability

arithmetic addition

overflow

data acquisition

address mappings

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.5%

JSON

The fingerprint module has a vulnerability of overflow in arithmetic addition. Successful exploitation of this vulnerability may result in the acquisition of data from unknown addresses in address mappings.

Affected configurations

NVD

Node

huaweiemuiMatch10.0.0

huaweiemuiMatch10.1.0

huaweiemuiMatch10.1.1

huaweiemuiMatch11.0.0

huaweiemuiMatch12.0.0

huaweiharmonyosMatch2.0

huaweimagic_uiMatch3.0.0

huaweimagic_uiMatch3.1.0

huaweimagic_uiMatch3.1.1

huaweimagic_uiMatch4.0.0

CPENameOperatorVersion
huawei:emuihuawei emuieq10.0.0
huawei:emuihuawei emuieq10.1.0
huawei:emuihuawei emuieq10.1.1
huawei:emuihuawei emuieq11.0.0
huawei:emuihuawei emuieq12.0.0
huawei:harmonyoshuawei harmonyoseq2.0
huawei:magic_uihuawei magic uieq3.0.0
huawei:magic_uihuawei magic uieq3.1.0
huawei:magic_uihuawei magic uieq3.1.1
huawei:magic_uihuawei magic uieq4.0.0

CPE	Name	Operator	Version
huawei:emui	huawei emui	eq	10.0.0
huawei:emui	huawei emui	eq	10.1.0
huawei:emui	huawei emui	eq	10.1.1
huawei:emui	huawei emui	eq	11.0.0
huawei:emui	huawei emui	eq	12.0.0
huawei:harmonyos	huawei harmonyos	eq	2.0
huawei:magic_ui	huawei magic ui	eq	3.0.0
huawei:magic_ui	huawei magic ui	eq	3.1.0
huawei:magic_ui	huawei magic ui	eq	3.1.1
huawei:magic_ui	huawei magic ui	eq	4.0.0

CNA Affected

[
  {
    "product": "HarmonyOS",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "2.0"
      }
    ]
  },
  {
    "product": "EMUI",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "10.0.0"
      },
      {
        "status": "affected",
        "version": "10.1.0"
      },
      {
        "status": "affected",
        "version": "10.1.1"
      },
      {
        "status": "affected",
        "version": "11.0.0"
      },
      {
        "status": "affected",
        "version": "12.0.0"
      }
    ]
  },
  {
    "product": "Magic UI",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.0"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      },
      {
        "status": "affected",
        "version": "3.1.1"
      },
      {
        "status": "affected",
        "version": "4.0.0"
      }
    ]
  }
]

References

consumer.huawei.com/en/support/bulletin/2022/7/

device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202207-0000001342389149

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.5%

JSON

Related for CVE-2022-34739

nvd1 cvelist1 prion1