Lucene search

Huawei TechnologiesHUAWEI-SA-20210407-01-DOUBLEFREE

HistoryApr 07, 2021 - 12:00 a.m.

Security Advisory - Pointer Double Free Vulnerability in Some Huawei Products

2021-04-0700:00:00

Huawei Technologies

www.huawei.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.5%

JSON

There is a pointer double free vulnerability in Some Huawei Products. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal service. (Vulnerability ID: HWPSIRT-2020-56196)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2021-22332.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-doublefree-en>

Affected configurations

Vulners

Node

huaweicloudengine_12800MatchV200R002C50SPC800

huaweicloudengine_12800MatchV200R003C00SPC810

huaweicloudengine_12800MatchV200R005C00SPC800

huaweicloudengine_12800MatchV200R005C10SPC800

huaweicloudengine_5800MatchV200R002C50SPC800

huaweicloudengine_5800MatchV200R003C00SPC810

huaweicloudengine_5800MatchV200R005C00SPC800

huaweicloudengine_5800MatchV200R005C10SPC800

huaweicloudengine_6800MatchV200R002C50SPC800

huaweicloudengine_6800MatchV200R003C00SPC810

huaweicloudengine_6800MatchV200R005C00SPC800

huaweicloudengine_6800MatchV200R005C10SPC800

huaweicloudengine_7800MatchV200R002C50SPC800

huaweicloudengine_7800MatchV200R003C00SPC810

huaweicloudengine_7800MatchV200R005C00SPC800

huaweicloudengine_7800MatchV200R005C10SPC800

CPENameOperatorVersion
cloudengine 12800eqV200R002C50SPC800
cloudengine 12800eqV200R003C00SPC810
cloudengine 12800eqV200R005C00SPC800
cloudengine 12800eqV200R005C10SPC800
cloudengine 5800eqV200R002C50SPC800
cloudengine 5800eqV200R003C00SPC810
cloudengine 5800eqV200R005C00SPC800
cloudengine 5800eqV200R005C10SPC800
cloudengine 6800eqV200R002C50SPC800
cloudengine 6800eqV200R003C00SPC810

Name	Operator	Version
cloudengine 12800	eq	V200R002C50SPC800
cloudengine 12800	eq	V200R003C00SPC810
cloudengine 12800	eq	V200R005C00SPC800
cloudengine 12800	eq	V200R005C10SPC800
cloudengine 5800	eq	V200R002C50SPC800
cloudengine 5800	eq	V200R003C00SPC810
cloudengine 5800	eq	V200R005C00SPC800
cloudengine 5800	eq	V200R005C10SPC800
cloudengine 6800	eq	V200R002C50SPC800
cloudengine 6800	eq	V200R003C00SPC810

Rows per page:

1-10 of 161

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.5%

JSON

Related for HUAWEI-SA-20210407-01-DOUBLEFREE