CVE-2021-22341 — Missing Release of Memory after Effective Lifetime in Huawei IPS Module Firmware

CWE-401 — Missing Release of Memory after Effective Lifetime3 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

0.2%

top 63.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei IPS Module Firmware Huawei Ngfw Module Firmware Huawei Nip6300 Firmware +4 more

Timeline

PublishedJun 29

Latest updateMay 24

Description

There is a memory leak vulnerability in Huawei products. A resource management weakness exists in a module. Attackers with high privilege can exploit this vulnerability by performing some operations. This can lead to memory leak. Affected product versions include:IPS Module V500R005C00SPC100,V500R005C00SPC200;NGFW Module V500R005C00SPC100,V500R005C00SPC200;NIP6300 V500R005C00SPC100,V500R005C10SPC200;NIP6600 V500R005C00SPC100,V500R005C00SPC200;Secospace USG6300 V500R005C00SPC100,V500R005C00SPC200…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages7 packages

▶NVDhuawei/ngfw_module_firmwarev500r005c00spc100, v500r005c00spc200+1

▶NVDhuawei/secospace_usg6300_firmwarev500r005c00spc100, v500r005c00spc200+1

▶NVDhuawei/secospace_usg6500_firmwarev500r005c00spc100, v500r005c10spc200+1

▶NVDhuawei/secospace_usg6600_firmwarev500r005c00spc100, v500r005c00spc200+1

▶NVDhuawei/ips_module_firmwarev500r005c00spc100, v500r005c00spc200+1

🔴Vulnerability Details

GHSA

GHSA-vw67-jhpq-87pm: There is a memory leak vulnerability in Huawei products↗2022-05-24

▶

CVEList

CVE-2021-22341: There is a memory leak vulnerability in Huawei products↗2021-06-29

▶