CVE-2021-22327

There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4).

Published: Apr 28, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-22327
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
huawei / p30_firmware	10.0.0.186(c10e7r5p1)	10.0.0.186(c10e7r5p1).x
huawei / p30_firmware	10.0.0.186(c461e4r3p1)	10.0.0.186(c461e4r3p1).x
huawei / p30_firmware	10.0.0.188(c00e85r2p11)	10.0.0.188(c00e85r2p11).x
huawei / p30_firmware	10.0.0.188(c01e88r2p11)	10.0.0.188(c01e88r2p11).x
huawei / p30_firmware	10.0.0.188(c605e19r1p3)	10.0.0.188(c605e19r1p3).x
huawei / p30_firmware	10.0.0.190(c185e4r7p1)	10.0.0.190(c185e4r7p1).x
huawei / p30_firmware	10.0.0.190(c431e22r2p5)	10.0.0.190(c431e22r2p5).x
huawei / p30_firmware	10.0.0.190(c432e22r2p5)	10.0.0.190(c432e22r2p5).x
huawei / p30_firmware	10.0.0.190(c605e19r1p3)	10.0.0.190(c605e19r1p3).x
huawei / p30_firmware	10.0.0.190(c636e4r3p4)	10.0.0.190(c636e4r3p4).x
huawei / p30_firmware	10.0.0.192(c635e3r2p4)	10.0.0.192(c635e3r2p4).x

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-smartphone-en

Vulnerability Database

289,697

CVE-2021-22327