CVE-2021-46883

7.5 HIGH

📋 TL;DR

This CVE describes a buffer overflow vulnerability in the Huawei video framework, caused by an addition overflow. Successful exploitation could allow attackers to crash affected systems, which impacts availability. It affects Huawei devices running vulnerable video framework components.

💻 Affected Systems

Products:
  • Huawei smartphones and tablets with affected video framework
Versions: Specific versions not detailed in provided references; check Huawei security bulletins for exact affected versions.
Operating Systems: Android-based Huawei EMUI/HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in video processing components; exploitation requires processing malicious video content.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash or denial of service, potentially leading to device instability requiring reboot.

🟠 Likely Case: Application crash or system instability affecting video functionality.

🟢 If Mitigated: Minimal impact with proper memory protection mechanisms and exploit mitigations in place.

🌐 Internet-Facing: MEDIUM - Requires specific conditions and potentially user interaction, but could be triggered via malicious media files.
🏢 Internal Only: MEDIUM - Similar risk profile but limited to internal network access vectors.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting malicious video files and getting a user to process them; no public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security updates for specific device models and firmware versions.

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2023/5/

Restart Required: Yes

Instructions:

1. Check for security updates in device settings.
2. Install latest firmware update from Huawei.
3. Reboot device after update completes.

🔧 Temporary Workarounds

  • Disable automatic video processing (all): Prevent automatic processing of video files from untrusted sources.
  • Use trusted video sources only (all): Avoid opening video files from unknown or untrusted sources.

🧯 If You Can't Patch

  • Isolate affected devices from processing untrusted video content
  • Implement network segmentation to limit potential attack vectors

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Huawei security bulletins; vulnerability exists in specific video framework versions.

Check Version:

Settings > About phone > Build number (on Huawei Android devices)

Verify Fix Applied:

Verify device has installed latest security update from Huawei and firmware version matches patched versions.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes in video processing apps
  • Memory violation errors in system logs

Network Indicators:

  • Unusual video file downloads to affected devices

SIEM Query:

Search for application crashes involving video processing components or memory violation errors on Huawei devices.
