Lucene search

OpenHarmonyVULNRICHMENT:CVE-2024-31078

HistoryMay 07, 2024 - 6:27 a.m.

CVE-2024-31078 Bluetooth Service has a use after free vulnerability

2024-05-0706:27:02

CWE-476

OpenHarmony

github.com

bluetooth service

openharmony

vulnerability

null pointer dereference

local attacker

service crash

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenHarmony",
    "vendor": "OpenHarmony",
    "versions": [
      {
        "lessThan": "v4.0.1",
        "status": "affected",
        "version": "v4.0.0",
        "versionType": "custom"
      }
    ]
  }
]

References

gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-31078