Sign-up

ID

VAR-202106-1586


CVE

CVE-2021-25384


TITLE

Android  Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-007807

DESCRIPTION

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Android Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Samsung libsdffextractor library is a component of Samsung mobile devices. Samsung libsdffextractor library has an input validation error vulnerability

Trust: 2.25

sources: NVD: CVE-2021-25384 // JVNDB: JVNDB-2021-007807 // CNVD: CNVD-2025-02732 // VULMON: CVE-2021-25384

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-02732

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion:10.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:9.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:11.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:8.1

Trust: 1.0

vendor:googlemodel:androidscope: - version: -

Trust: 0.8

vendor:googlemodel:androidscope:eqversion: -

Trust: 0.8

vendor:samsungmodel:mobile devices qscope: - version: -

Trust: 0.6

vendor:samsungmodel:mobile devices rscope: - version: -

Trust: 0.6

vendor:samsungmodel:mobile devices oscope: - version: -

Trust: 0.6

vendor:samsungmodel:mobile devices pscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-02732 // JVNDB: JVNDB-2021-007807 // NVD: CVE-2021-25384

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-25384
value: CRITICAL

Trust: 1.0

mobile.security@samsung.com: CVE-2021-25384
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-25384
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-02732
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202106-926
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-25384
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-25384
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2025-02732
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-25384
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2021-25384
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-25384
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-02732 // VULMON: CVE-2021-25384 // JVNDB: JVNDB-2021-007807 // CNNVD: CNNVD-202106-926 // NVD: CVE-2021-25384 // NVD: CVE-2021-25384

PROBLEMTYPE DATA

problemtype:CWE-122

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:Incorrect input confirmation (CWE-20) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-007807 // NVD: CVE-2021-25384

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-926

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202106-926

PATCH

title:top pageurl:https://www.android.com/intl/ja_jp/

Trust: 0.8

title:Patch for Samsung libsdffextractor library input validation error vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/654781

Trust: 0.6

title:Samsung SMR Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=154359

Trust: 0.6

sources: CNVD: CNVD-2025-02732 // JVNDB: JVNDB-2021-007807 // CNNVD: CNNVD-202106-926

EXTERNAL IDS

db:NVDid:CVE-2021-25384

Trust: 3.9

db:JVNDBid:JVNDB-2021-007807

Trust: 0.8

db:CNVDid:CNVD-2025-02732

Trust: 0.6

db:CNNVDid:CNNVD-202106-926

Trust: 0.6

db:VULMONid:CVE-2021-25384

Trust: 0.1

sources: CNVD: CNVD-2025-02732 // VULMON: CVE-2021-25384 // JVNDB: JVNDB-2021-007807 // CNNVD: CNNVD-202106-926 // NVD: CVE-2021-25384

REFERENCES

url:https://security.samsungmobile.com/securityupdate.smsb?year=2021&month=5

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-25384

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2025-02732 // VULMON: CVE-2021-25384 // JVNDB: JVNDB-2021-007807 // CNNVD: CNNVD-202106-926 // NVD: CVE-2021-25384

SOURCES

db:CNVDid:CNVD-2025-02732
db:VULMONid:CVE-2021-25384
db:JVNDBid:JVNDB-2021-007807
db:CNNVDid:CNNVD-202106-926
db:NVDid:CVE-2021-25384

LAST UPDATE DATE

2025-02-14T23:00:38.924000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-02732date:2025-02-12T00:00:00
db:VULMONid:CVE-2021-25384date:2021-06-15T00:00:00
db:JVNDBid:JVNDB-2021-007807date:2022-02-22T09:09:00
db:CNNVDid:CNNVD-202106-926date:2022-10-26T00:00:00
db:NVDid:CVE-2021-25384date:2022-10-25T18:25:58.980

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-02732date:2025-02-12T00:00:00
db:VULMONid:CVE-2021-25384date:2021-06-11T00:00:00
db:JVNDBid:JVNDB-2021-007807date:2022-02-22T00:00:00
db:CNNVDid:CNNVD-202106-926date:2021-06-11T00:00:00
db:NVDid:CVE-2021-25384date:2021-06-11T15:15:08.257