Pointer Double Free Vulnerability in Huawei CloudEngine Series
CVE-2021-22332

7.5HIGH

Key Information:

Vendor: Huawei
Status: Cloudengine 12800;cloudengine 5800;cloudengine 6800;cloudengine 7800
Vendor: CVE Published:; 28 April 2021

Summary

A pointer double free vulnerability has been identified in specific versions of Huawei's CloudEngine series, including the 5800, 6800, 7800, and 12800 models. This issue arises when a function unintentionally duplicates a memory pointer across two functional modules, allowing attackers to exploit the vulnerability through malicious operations. If successfully executed, this exploit could lead to a crash of the affected module, disrupting normal service and affecting network reliability.

Affected Version(s)

CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800 V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 28, 2021
Vulnerability Reserved
Jan 5, 2021