CVE-2021-22304: Use After Free
First published: Sat Feb 06 2021(Updated: )
There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Taurus-al00a Firmware | =10.0.0.1\(c00e1r1p1\) | |
| Huawei Taurus-al00a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-22304?
CVE-2021-22304 is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1) firmware.
How does CVE-2021-22304 impact Huawei Taurus-AL00A firmware?
CVE-2021-22304 allows attackers to send specific messages to an affected module, leading to module crash or compromise.
What is the severity of CVE-2021-22304?
CVE-2021-22304 has a severity rating of low (3.3).
How can attackers exploit CVE-2021-22304?
Attackers can exploit CVE-2021-22304 by sending specific messages to the affected module.
Is Huawei Taurus-AL00A vulnerable to CVE-2021-22304?
Yes, Huawei Taurus-AL00A firmware version 10.0.0.1 (C00E1R1P1) is vulnerable to CVE-2021-22304.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/tags
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/huawei
- canonical/huawei taurus-al00a firmware
- version/huawei taurus-al00a firmware/10.0.0.1\(c00e1r1p1\)
- canonical/huawei taurus-al00a