Openharmony@3.0 Security Vulnerabilities and Issues — Openharmony@3.0 CVE List

Lucene search

OpenatomOpenharmony3.0

8 matches found

CVE•added 2022/12/08 4:15 p.m.•58 views

CVE-2022-44455

The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the devi...

7.8CVSS7.4AI score0.00062EPSS

CVE•added 2023/01/09 3:15 a.m.•42 views

CVE-2023-0035

softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

7.8CVSS7.1AI score0.00008EPSS

CVE•added 2022/12/08 4:15 p.m.•41 views

CVE-2022-41802

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

4CVSS4AI score0.00088EPSS

CVE•added 2023/01/09 3:15 a.m.•41 views

CVE-2022-43662

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

7.8CVSS5.8AI score0.0003EPSS

CVE•added 2023/03/10 11:15 a.m.•41 views

CVE-2023-0083

The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash.

5.5CVSS4.8AI score0.00022EPSS

CVE•added 2023/03/10 11:15 a.m.•39 views

CVE-2023-24465

Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause the current application to crash.

5.5CVSS5.3AI score0.00025EPSS

CVE•added 2023/01/09 3:15 a.m.•34 views

CVE-2023-0036

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

7.8CVSS7.1AI score0.00008EPSS

CVE•added 2023/01/09 3:15 a.m.•32 views

CVE-2022-45126

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

7.8CVSS5.8AI score0.0003EPSS