Buffer overflow in Huawei P30

CVE-2021-22327

There is an arbitrary memory write vulnerability in Huawei smartphones when parsing files. Due to insufficient validation of the input files, a successful exploit could cause certain services to behave abnormally. Affected product versions incl…

Vulnerability class: Buffer Overflow

EPSS: 0.005 (41.0th percentile)

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.

Affected products

  • Huawei P30
  • Huawei P30_firmware — versions 10.0.0.186(c10e7r5p1), 10.0.0.186(c461e4r3p1), 10.0.0.188(c00e85r2p11)
  • N/a Huawei P30 — versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11), 10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5), 10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4)

Frequently asked questions

What is CVE-2021-22327?

CVE-2021-22327 is a medium-severity vulnerability in Huawei P30, classified under Out-of-bounds Write. CVSS score: 6.5/10. Published 2021-04-28.

How severe is CVE-2021-22327?

Medium severity. CVSS v3 base score is 6.5 out of 10.