OpenCVE

In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561388.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android
Mediatek	Mt5522 Mt5527 Mt5597 Mt5598 Mt5599 Mt6580 Mt6735 Mt6737 Mt6739 Mt6750s Mt6753 Mt6755s Mt6757 Mt6757c Mt6757cd Mt6757ch Mt6761 Mt6762 Mt6763 Mt6765 Mt6768 Mt6771 Mt6779 Mt6785 Mt6833 Mt6853 Mt6853t Mt6873 Mt6877 Mt6885 Mt6889 Mt6893 Mt8163 Mt8167 Mt8167s Mt8168 Mt8173 Mt8175 Mt8183 Mt8185 Mt8195 Mt8321 Mt8362a Mt8365 Mt8385 Mt8765 Mt8766 Mt8768 Mt8786 Mt8788 Mt8789 Mt8791 Mt8797 Mt9256 Mt9285 Mt9286 Mt9288 Mt9629 Mt9631 Mt9632 Mt9636 Mt9638 Mt9639 Mt9650 Mt9652 Mt9669 Mt9670 Mt9675 Mt9685 Mt9686 Mt9688 Mt9931 Mt9950 Mt9970 Mt9980 Mt9981

Configuration 1 [-]

AND

OR	cpe:2.3:h:mediatek:mt5522:-:::::::*
	cpe:2.3:h:mediatek:mt5527:-:::::::*
	cpe:2.3:h:mediatek:mt5597:-:::::::*
	cpe:2.3:h:mediatek:mt5598:-:::::::*
	cpe:2.3:h:mediatek:mt5599:-:::::::*
	cpe:2.3:h:mediatek:mt6580:-:::::::*
	cpe:2.3:h:mediatek:mt6735:-:::::::*
	cpe:2.3:h:mediatek:mt6737:-:::::::*
	cpe:2.3:h:mediatek:mt6739:-:::::::*
	cpe:2.3:h:mediatek:mt6750s:-:::::::*
	cpe:2.3:h:mediatek:mt6753:-:::::::*
	cpe:2.3:h:mediatek:mt6755s:-:::::::*
	cpe:2.3:h:mediatek:mt6757:-:::::::*
	cpe:2.3:h:mediatek:mt6757c:-:::::::*
	cpe:2.3:h:mediatek:mt6757cd:-:::::::*
	cpe:2.3:h:mediatek:mt6757ch:-:::::::*
	cpe:2.3:h:mediatek:mt6761:-:::::::*
	cpe:2.3:h:mediatek:mt6762:-:::::::*
	cpe:2.3:h:mediatek:mt6763:-:::::::*
	cpe:2.3:h:mediatek:mt6765:-:::::::*
	cpe:2.3:h:mediatek:mt6768:-:::::::*
	cpe:2.3:h:mediatek:mt6771:-:::::::*
	cpe:2.3:h:mediatek:mt6779:-:::::::*
	cpe:2.3:h:mediatek:mt6785:-:::::::*
	cpe:2.3:h:mediatek:mt6833:-:::::::*
	cpe:2.3:h:mediatek:mt6853:-:::::::*
	cpe:2.3:h:mediatek:mt6853t:-:::::::*
	cpe:2.3:h:mediatek:mt6873:-:::::::*
	cpe:2.3:h:mediatek:mt6877:-:::::::*
	cpe:2.3:h:mediatek:mt6885:-:::::::*
	cpe:2.3:h:mediatek:mt6889:-:::::::*
	cpe:2.3:h:mediatek:mt6893:-:::::::*
	cpe:2.3:h:mediatek:mt8163:-:::::::*
	cpe:2.3:h:mediatek:mt8167:-:::::::*
	cpe:2.3:h:mediatek:mt8167s:-:::::::*
	cpe:2.3:h:mediatek:mt8168:-:::::::*
	cpe:2.3:h:mediatek:mt8173:-:::::::*
	cpe:2.3:h:mediatek:mt8175:-:::::::*
	cpe:2.3:h:mediatek:mt8183:-:::::::*
	cpe:2.3:h:mediatek:mt8185:-:::::::*
	cpe:2.3:h:mediatek:mt8195:-:::::::*
	cpe:2.3:h:mediatek:mt8321:-:::::::*
	cpe:2.3:h:mediatek:mt8362a:-:::::::*
	cpe:2.3:h:mediatek:mt8365:-:::::::*
	cpe:2.3:h:mediatek:mt8385:-:::::::*
	cpe:2.3:h:mediatek:mt8765:-:::::::*
	cpe:2.3:h:mediatek:mt8766:-:::::::*
	cpe:2.3:h:mediatek:mt8768:-:::::::*
	cpe:2.3:h:mediatek:mt8786:-:::::::*
	cpe:2.3:h:mediatek:mt8788:-:::::::*
	cpe:2.3:h:mediatek:mt8789:-:::::::*
	cpe:2.3:h:mediatek:mt8791:-:::::::*
	cpe:2.3:h:mediatek:mt8797:-:::::::*
	cpe:2.3:h:mediatek:mt9256:-:::::::*
	cpe:2.3:h:mediatek:mt9285:-:::::::*
	cpe:2.3:h:mediatek:mt9286:-:::::::*
	cpe:2.3:h:mediatek:mt9288:-:::::::*
	cpe:2.3:h:mediatek:mt9629:-:::::::*
	cpe:2.3:h:mediatek:mt9631:-:::::::*
	cpe:2.3:h:mediatek:mt9632:-:::::::*
	cpe:2.3:h:mediatek:mt9636:-:::::::*
	cpe:2.3:h:mediatek:mt9638:-:::::::*
	cpe:2.3:h:mediatek:mt9639:-:::::::*
	cpe:2.3:h:mediatek:mt9650:-:::::::*
cpe:2.3:h:mediatek:mt9652:-:::::::*
cpe:2.3:h:mediatek:mt9669:-:::::::*
cpe:2.3:h:mediatek:mt9670:-:::::::*
cpe:2.3:h:mediatek:mt9675:-:::::::*
cpe:2.3:h:mediatek:mt9685:-:::::::*
cpe:2.3:h:mediatek:mt9686:-:::::::*
cpe:2.3:h:mediatek:mt9688:-:::::::*
cpe:2.3:h:mediatek:mt9931:-:::::::*
cpe:2.3:h:mediatek:mt9950:-:::::::*
cpe:2.3:h:mediatek:mt9970:-:::::::*
cpe:2.3:h:mediatek:mt9980:-:::::::*
cpe:2.3:h:mediatek:mt9981:-:::::::*

OR	cpe:2.3:o:google:android:10.0:::::::*
	cpe:2.3:o:google:android:11.0:::::::*

No data.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/November-2021

History

No history.

MITRE

Status: PUBLISHED

Assigner: google_android

Published: 2021-11-18T14:55:30

Updated: 2024-08-03T15:47:28.181Z

Reserved: 2020-11-06T00:00:00

Link: CVE-2021-0622

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-11-18T15:15:08.230

Modified: 2021-11-19T18:11:53.647

Link: CVE-2021-0622

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object