Lucene search

OpenHarmonyCVELIST:CVE-2022-38701

HistorySep 09, 2022 - 2:39 p.m.

CVE-2022-38701 IPC in communication subsystem has a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

2022-09-0914:39:57

CWE-122

OpenHarmony

www.cve.org

cve-2022-38701

communication subsystem

heap overflow

vulnerability

openharmony-v3.1.2

local attackers

network sensitive information

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

5.1%

JSON

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

CNA Affected

[
  {
    "product": "OpenHarmony",
    "vendor": "OpenHarmony",
    "versions": [
      {
        "lessThanOrEqual": "3.1.2",
        "status": "affected",
        "version": "OpenHarmony-v3.1.x-Release",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "3.0.5",
        "status": "affected",
        "version": "OpenHarmony-v3.0.x-LTS",
        "versionType": "custom"
      }
    ]
  }
]

References

gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-09.md

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-38701