CVE-2021-22304

There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service.

Published: Feb 6, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-22304
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.3
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
huawei / taurus-al00a_firmware	10.0.0.1(c00e1r1p1)	10.0.0.1(c00e1r1p1).x

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-03-smartphone-en

Vulnerability Database

289,697

CVE-2021-22304