CVE-2021-46881

7.5 HIGH

📋 TL;DR

This CVE describes a buffer overflow vulnerability in the Huawei video framework caused by an addition overflow. Attackers could exploit it to overwrite memory and potentially crash affected systems, impacting availability. Huawei device users with vulnerable video framework versions are affected.

💻 Affected Systems

Products:
  • Huawei devices with vulnerable video framework
Versions: Specific versions not detailed in provided references; check Huawei bulletins for exact ranges
Operating Systems: Android-based Huawei systems
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default video framework configuration; exploitation requires triggering specific video processing conditions

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash or denial of service, potentially leading to device instability requiring reboot

🟠 Likely Case: Application crash or video framework malfunction causing degraded functionality

🟢 If Mitigated: Minimal impact with proper memory protection mechanisms and exploit mitigations in place

🌐 Internet-Facing: MEDIUM - Requires specific video processing scenarios but could be triggered remotely via malicious media
🏢 Internal Only: MEDIUM - Similar risk profile whether internet-facing or internal, depends on attack vector

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires specific video processing conditions; no public exploit details available

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletins for specific patched versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2023/5/

Restart Required: Yes

Instructions:

1. Check Huawei security bulletin for affected device models.
2. Apply latest security updates via Settings > System & updates > Software update.
3. Restart device after update completes.

🔧 Temporary Workarounds

Disable unnecessary video processing

all

Reduce attack surface by limiting video framework usage

Memory protection enforcement

all

Enable ASLR and other memory protection features if available

🧯 If You Can't Patch

  • Isolate affected devices from untrusted networks
  • Monitor for abnormal video framework crashes or memory usage patterns

🔍 How to Verify

Check if Vulnerable:

Check device model and software version against Huawei security bulletins

Check Version:

Settings > About phone > Build number / Software version

Verify Fix Applied:

Verify software version matches or exceeds patched version in Huawei advisory

📡 Detection & Monitoring

Log Indicators:

  • Video framework crash logs
  • Abnormal memory access patterns in system logs

Network Indicators:

  • Unusual video streaming patterns to vulnerable devices

SIEM Query:

Search for video framework process crashes or memory violation events
