Lucene search

OpenHarmonyCVELIST:CVE-2024-28044

HistorySep 02, 2024 - 3:24 a.m.

CVE-2024-28044 Liteos-A has an integer overflow vulnerability

2024-09-0203:24:52

CWE-190

OpenHarmony

www.cve.org

liteos-a

integer overflow

openharmony

local attacker

crash

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

EPSS

Percentile

9.5%

JSON

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenHarmony",
    "vendor": "OpenHarmony",
    "versions": [
      {
        "lessThanOrEqual": "4.1.0",
        "status": "affected",
        "version": "v4.0.0",
        "versionType": "custom"
      }
    ]
  }
]

References

gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

EPSS

Percentile

9.5%

JSON

Related for CVELIST:CVE-2024-28044