Lucene search

OpenHarmonyCVE-2024-28044

HistorySep 02, 2024 - 5:15 a.m.

CVE-2024-28044

2024-09-0205:15:15

CWE-190

OpenHarmony

web.nvd.nist.gov

openharmony prior versions local attacker integer overflow crash

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

Percentile

9.5%

JSON

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow.

Affected configurations

Nvd

Node

openatomopenharmonyRange4.0–4.1-

VendorProductVersionCPE
openatomopenharmony*cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*

Vendor	Product	Version	CPE
openatom	openharmony	*	cpe:2.3:o:openatom:openharmony:::::-:::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenHarmony",
    "vendor": "OpenHarmony",
    "versions": [
      {
        "lessThanOrEqual": "4.1.0",
        "status": "affected",
        "version": "v4.0.0",
        "versionType": "custom"
      }
    ]
  }
]

References

gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

Percentile

9.5%

JSON

Related for CVE-2024-28044