The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash.
References
Link | Resource |
---|---|
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md | Third Party Advisory |
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:28
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.8 |
References | () https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md - Third Party Advisory |
09 Sep 2024, 12:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:* | |
First Time |
Openatom
Openatom openharmony |
Information
Published : 2022-12-08 16:15
Updated : 2024-11-21 07:28
NVD link : CVE-2022-44455
Mitre link : CVE-2022-44455
CVE.ORG link : CVE-2022-44455
JSON object : View
Products Affected
openharmony
- openharmony
openatom
- openharmony
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')