CVE-2021-0624

In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594988; Issue ID: ALPS05594988.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://corp.mediatek.com/product-security-bulletin/November-2021	Vendor Advisory
https://corp.mediatek.com/product-security-bulletin/November-2021	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:google:android:10.0:::::::*
	cpe:2.3:o:google:android:11.0:::::::*

OR	cpe:2.3:h:mediatek:mt6580:-:::::::*
	cpe:2.3:h:mediatek:mt6735:-:::::::*
	cpe:2.3:h:mediatek:mt6737:-:::::::*
	cpe:2.3:h:mediatek:mt6750s:-:::::::*
	cpe:2.3:h:mediatek:mt6753:-:::::::*
	cpe:2.3:h:mediatek:mt6755s:-:::::::*
	cpe:2.3:h:mediatek:mt6757:-:::::::*
	cpe:2.3:h:mediatek:mt6757c:-:::::::*
	cpe:2.3:h:mediatek:mt6757cd:-:::::::*
	cpe:2.3:h:mediatek:mt6757ch:-:::::::*
	cpe:2.3:h:mediatek:mt6761:-:::::::*
	cpe:2.3:h:mediatek:mt6762:-:::::::*
	cpe:2.3:h:mediatek:mt6763:-:::::::*
	cpe:2.3:h:mediatek:mt6765:-:::::::*
	cpe:2.3:h:mediatek:mt6768:-:::::::*
	cpe:2.3:h:mediatek:mt6771:-:::::::*
	cpe:2.3:h:mediatek:mt6779:-:::::::*
	cpe:2.3:h:mediatek:mt6785:-:::::::*
	cpe:2.3:h:mediatek:mt6833:-:::::::*
	cpe:2.3:h:mediatek:mt6853:-:::::::*
	cpe:2.3:h:mediatek:mt6853t:-:::::::*
	cpe:2.3:h:mediatek:mt6873:-:::::::*
	cpe:2.3:h:mediatek:mt6877:-:::::::*
	cpe:2.3:h:mediatek:mt6885:-:::::::*
	cpe:2.3:h:mediatek:mt6889:-:::::::*
	cpe:2.3:h:mediatek:mt6893:-:::::::*
	cpe:2.3:h:mediatek:mt8163:-:::::::*
	cpe:2.3:h:mediatek:mt8167:-:::::::*
	cpe:2.3:h:mediatek:mt8167s:-:::::::*
	cpe:2.3:h:mediatek:mt8168:-:::::::*
	cpe:2.3:h:mediatek:mt8173:-:::::::*
	cpe:2.3:h:mediatek:mt8175:-:::::::*
	cpe:2.3:h:mediatek:mt8183:-:::::::*
	cpe:2.3:h:mediatek:mt8185:-:::::::*
	cpe:2.3:h:mediatek:mt8195:-:::::::*
	cpe:2.3:h:mediatek:mt8321:-:::::::*
	cpe:2.3:h:mediatek:mt8362a:-:::::::*
	cpe:2.3:h:mediatek:mt8365:-:::::::*
	cpe:2.3:h:mediatek:mt8385:-:::::::*
	cpe:2.3:h:mediatek:mt8735a:-:::::::*
	cpe:2.3:h:mediatek:mt8735b:-:::::::*
	cpe:2.3:h:mediatek:mt8765:-:::::::*
	cpe:2.3:h:mediatek:mt8766:-:::::::*
	cpe:2.3:h:mediatek:mt8768:-:::::::*
	cpe:2.3:h:mediatek:mt8786:-:::::::*
	cpe:2.3:h:mediatek:mt8788:-:::::::*
	cpe:2.3:h:mediatek:mt8789:-:::::::*
	cpe:2.3:h:mediatek:mt8791:-:::::::*
	cpe:2.3:h:mediatek:mt8797:-:::::::*

History

21 Nov 2024, 05:43

Type	Values Removed	Values Added
References	~~() https://corp.mediatek.com/product-security-bulletin/November-2021 - Vendor Advisory~~	() https://corp.mediatek.com/product-security-bulletin/November-2021 - Vendor Advisory

19 Nov 2021, 18:08

Type	Values Removed	Values Added
References	~~(MISC) https://corp.mediatek.com/product-security-bulletin/November-2021 -~~	(MISC) https://corp.mediatek.com/product-security-bulletin/November-2021 - Vendor Advisory
CPE		cpe:2.3:h:mediatek:mt8735b:-:::::::* cpe:2.3:h:mediatek:mt6889:-:::::::* cpe:2.3:h:mediatek:mt6762:-:::::::* cpe:2.3:h:mediatek:mt6873:-:::::::* cpe:2.3:h:mediatek:mt6755s:-:::::::* cpe:2.3:h:mediatek:mt6580:-:::::::* cpe:2.3:h:mediatek:mt8385:-:::::::* cpe:2.3:h:mediatek:mt6785:-:::::::* cpe:2.3:h:mediatek:mt6750s:-:::::::* cpe:2.3:h:mediatek:mt8786:-:::::::* cpe:2.3:h:mediatek:mt8766:-:::::::* cpe:2.3:h:mediatek:mt6757c:-:::::::* cpe:2.3:h:mediatek:mt8768:-:::::::* cpe:2.3:h:mediatek:mt6753:-:::::::* cpe:2.3:h:mediatek:mt8173:-:::::::* cpe:2.3:h:mediatek:mt8788:-:::::::* cpe:2.3:h:mediatek:mt8183:-:::::::* cpe:2.3:h:mediatek:mt8163:-:::::::* cpe:2.3:h:mediatek:mt8765:-:::::::* cpe:2.3:h:mediatek:mt6735:-:::::::* cpe:2.3:h:mediatek:mt8789:-:::::::* cpe:2.3:h:mediatek:mt8195:-:::::::* cpe:2.3:h:mediatek:mt6768:-:::::::* cpe:2.3:h:mediatek:mt6765:-:::::::* cpe:2.3:h:mediatek:mt8167:-:::::::* cpe:2.3:h:mediatek:mt6761:-:::::::* cpe:2.3:h:mediatek:mt6779:-:::::::* cpe:2.3:h:mediatek:mt8175:-:::::::* cpe:2.3:h:mediatek:mt8735a:-:::::::* cpe:2.3:h:mediatek:mt8791:-:::::::* cpe:2.3:h:mediatek:mt8167s:-:::::::* cpe:2.3:h:mediatek:mt8797:-:::::::* cpe:2.3:h:mediatek:mt6853:-:::::::* cpe:2.3:h:mediatek:mt8365:-:::::::* cpe:2.3:h:mediatek:mt6757cd:-:::::::* cpe:2.3:h:mediatek:mt6833:-:::::::* cpe:2.3:o:google:android:11.0:::::::* cpe:2.3:h:mediatek:mt6853t:-:::::::* cpe:2.3:h:mediatek:mt6763:-:::::::* cpe:2.3:h:mediatek:mt6885:-:::::::* cpe:2.3:h:mediatek:mt8168:-:::::::* cpe:2.3:h:mediatek:mt6771:-:::::::* cpe:2.3:h:mediatek:mt8362a:-:::::::* cpe:2.3:h:mediatek:mt6893:-:::::::* cpe:2.3:h:mediatek:mt6737:-:::::::* cpe:2.3:h:mediatek:mt6757:-:::::::* cpe:2.3:o:google:android:10.0:::::::* cpe:2.3:h:mediatek:mt8185:-:::::::* cpe:2.3:h:mediatek:mt6757ch:-:::::::* cpe:2.3:h:mediatek:mt8321:-:::::::* cpe:2.3:h:mediatek:mt6877:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 2.1 v3 : 5.5
CWE		CWE-125

18 Nov 2021, 15:24

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-11-18 15:15

Updated : 2024-11-21 05:43

NVD link : CVE-2021-0624

Mitre link : CVE-2021-0624

CVE.ORG link : CVE-2021-0624

JSON object : View

Products Affected

mediatek

mt8766
mt6757c
mt6779
mt8385
mt8791
mt8183
mt6580
mt6768
mt8735a
mt8789
mt6757
mt6753
mt6771
mt8788
mt8362a
mt6893
mt6761
mt6873
mt8167s
mt8797
mt8786
mt8173
mt8768
mt6735
mt8765
mt8195
mt8167
mt8168
mt8163
mt6763
mt6889
mt6853t
mt6765
mt6757cd
mt6757ch
mt8185
mt8735b
mt6762
mt6853
mt8175
mt6755s
mt6785
mt6833
mt6877
mt6750s
mt8365
mt6885
mt6737
mt8321

google

android

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2021-0624", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2021-11-18T15:15:08.343", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/November-2021", "tags": ["Vendor Advisory"], "source": "security@android.com"}, {"url": "https://corp.mediatek.com/product-security-bulletin/November-2021", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594988; Issue ID: ALPS05594988."}, {"lang": "es", "value": "En flv extractor, se presenta una posible lectura fuera de l\u00edmites debido a un desbordamiento del b\u00fafer de la pila. Esto podr\u00eda conllevar a una divulgaci\u00f3n de informaci\u00f3n local sin ser necesarios privilegios de ejecuci\u00f3n adicionales. No es requerida una interacci\u00f3n del usuario para su explotaci\u00f3n. ID del Parche: ALPS05594988; ID del Problema: ALPS05594988."}], "lastModified": "2024-11-21T05:43:02.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"}, {"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"}, {"criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2"}, {"criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84"}, {"criteria": "cpe:2.3:h:mediatek:mt6750s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "12A1CB8F-3C1C-4374-8D46-23175D1174DE"}, {"criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E"}, {"criteria": "cpe:2.3:h:mediatek:mt6755s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7038AEA0-5BBE-44C9-92DE-96BDE3EEE45B"}, {"criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3"}, {"criteria": "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D808EF4D-0A54-4324-8341-240F7AFABC40"}, {"criteria": "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "64EDB89E-8140-4202-97B3-9D7337E90FDE"}, {"criteria": "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D2C5CC4F-DA66-4980-A4BB-693987431A38"}, {"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"}, {"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"}, {"criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B"}, {"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"}, {"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"}, {"criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835"}, {"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"}, {"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"}, {"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"}, {"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"}, {"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"}, {"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"}, {"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"}, {"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"}, {"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"}, {"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"}, {"criteria": "cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1D2ED140-C41B-418B-9DC7-8C486304E769"}, {"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8"}, {"criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68"}, {"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"}, {"criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411"}, {"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"}, {"criteria": "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1"}, {"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"}, {"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"}, {"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"}, {"criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11"}, {"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"}, {"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"}, {"criteria": "cpe:2.3:h:mediatek:mt8735a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "45A7A805-EFED-47B3-884C-158FF1EECAEC"}, {"criteria": "cpe:2.3:h:mediatek:mt8735b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E1BB519B-9BA4-4D4A-8ED1-CE79E56E70E4"}, {"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"}, {"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"}, {"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"}, {"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"}, {"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"}, {"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"}, {"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"}, {"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@android.com"}

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-0624

5.5^/10

2.1^/10

Attach tags to `CVE-2021-0624`