Lucene search

K
cvelistOpenHarmonyCVELIST:CVE-2024-31078
HistoryMay 07, 2024 - 6:27 a.m.

CVE-2024-31078 Bluetooth Service has a use after free vulnerability

2024-05-0706:27:02
CWE-476
OpenHarmony
www.cve.org
cve-2024-31078
bluetooth service
openharmony v4.0.0
prior versions
local attacker
service crash
null pointer dereference

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

4.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenHarmony",
    "vendor": "OpenHarmony",
    "versions": [
      {
        "lessThan": "v4.0.1",
        "status": "affected",
        "version": "v4.0.0",
        "versionType": "custom"
      }
    ]
  }
]

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

4.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for CVELIST:CVE-2024-31078