CVE-2021-22304

CWE-416Use After Free3 documents3 sources
Severity
3.3LOW
EPSS
0.0%
top 92.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Taurus-al00a Firmware
Timeline
PublishedFeb 6
Latest updateMay 24

Description

There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5taurus-al00a10.0.0.1(C00E1R1P1)
NVDhuawei/taurus-al00a_firmware10.0.0.1\(c00e1r1p1\)

🔴Vulnerability Details

2
GHSA
GHSA-fpwv-gp97-jc85: There is a use after free vulnerability in Taurus-AL00A 102022-05-24
CVEList
CVE-2021-22304: There is a use after free vulnerability in Taurus-AL00A 102021-02-06
CVE-2021-22304 (LOW CVSS 3.3) | There is a use after free vulnerabi | cvebase.io