Data Size Verification Flaw in Huawei Wearables
CVE-2021-22484

7.5HIGH

Key Information:

Vendor: Huawei
Status: Harmonyos
Vendor: CVE Published:; 28 December 2024

Summary

Certain Huawei wearable devices exhibit a vulnerability characterized by the lack of verification for actual data size during data reading operations. This oversight may facilitate exploitation that could lead to a server out of memory (OOM) situation, potentially compromising device performance and overall user experience. It is crucial for users and organizations relying on these devices to stay informed about such vulnerabilities and consider applying the necessary updates to mitigate risks associated with potential exploitation.

Affected Version(s)

HarmonyOS 2.0

References

https://device.harmonyos.com/en/docs/security/update/secu...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 28, 2024
Vulnerability Reserved
Jan 5, 2021