CVE-2022-44455

The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*
cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:*

History

21 Nov 2024, 07:28

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.8
v2 : unknown
v3 : 6.8
References () https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md - Third Party Advisory () https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md - Third Party Advisory

09 Sep 2024, 12:21

Type Values Removed Values Added
CPE cpe:2.3:a:openharmony:openharmony:*:*:*:*:lts:*:*:* cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:*
First Time Openatom
Openatom openharmony

Information

Published : 2022-12-08 16:15

Updated : 2024-11-21 07:28


NVD link : CVE-2022-44455

Mitre link : CVE-2022-44455

CVE.ORG link : CVE-2022-44455


JSON object : View

Products Affected

openharmony

  • openharmony

openatom

  • openharmony
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')