OpenHarmony / security
2022-09.md 19.59 KB
louis.liuxu committed on 2022-10-27 17:30: modify fix links

Security Vulnerabilities in September 2022

Published September 6, 2022
Updated October 27, 2022

| Vulnerability ID | Related CVE | Vulnerability Description | Vulnerability Impact | CVSS 3.1 Base Score | Affected Versions | Affected Projects | Fix Link | Reference |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2022-0901 | CVE-2022-36423 | Incorrect configuration of the cJSON library leads to a stack overflow during recursive parsing. | LAN attackers can cause a DoS on all network devices. | 7.4 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS<br>OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS | third_party_cJSON | 3.1.x<br>3.1.x<br>3.0.x<br>3.0.x<br>1.1.x<br>1.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0902 | CVE-2022-38081 | Tokensync in the security subsystem has a permission bypass vulnerability. | LAN attackers can bypass distributed permission control. To exploit this weakness, attackers first need another vulnerability to obtain system privileges. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | security_access_token | 3.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0903 | CVE-2022-38701 | IPC in the communication subsystem has a heap overflow vulnerability. | Local attackers can trigger a heap overflow and obtain sensitive network information. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | communication_dsoftbus | 3.1.x<br>3.0.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0904 | CVE-2022-38064 | windowmanager in the window subsystem has a permission bypass vulnerability. | Local attackers can bypass permission control and obtain sensitive information. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | windowmanager | 3.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0905 | CVE-2022-38700 | The multimedia subsystem has a permission bypass vulnerability. | LAN attackers can bypass permission control and take control of the camera service. | 8.8 | OpenHarmony-v3.1-Release | multimedia_camera_framework | 3.1.x | Reported by OpenHarmony Team |

The following table lists the third-party library vulnerabilities, giving only the CVE, severity, affected OpenHarmony versions, and fix link. For details, see the security bulletins released by the respective third parties.

| CVE | Severity | Affected OpenHarmony Versions | Fix Link |
| --- | --- | --- | --- |
| CVE-2022-34918 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-33981 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-33743 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-33742 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-33741 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-33740 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-32981 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-32296 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-32250 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-29582 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-27666 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.0.x |
| CVE-2022-26365 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-2380 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-2318 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-2153 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-21499 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-21166 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-21125 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-21123 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-20154 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-20153 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-20141 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-20132 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-20009 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.0.x |
| CVE-2022-1998 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1975 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1972 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1852 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-1836 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1789 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-1652 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-1508 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1205 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1204 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1198 | Medium | OpenHarmony-v3.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.1.x<br>3.0.x |
| CVE-2022-0644 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2021-45868 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.0.x |
| CVE-2021-4135 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2021-33061 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2021-28713 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2021-28712 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2021-28711 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2021-26401 | Medium | OpenHarmony-v3.1-Release | 3.1.x |
| CVE-2022-37434 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS<br>OpenHarmony-v1.1.1-LTS through OpenHarmony-v1.1.5-LTS | 3.1.x<br>3.0.x<br>1.1.x |
| CVE-2022-1587 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-1586 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-2097 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-2068 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30789 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30788 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30787 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30786 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30785 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30784 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30783 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2021-46790 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-32215 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-32213 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-32212 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-2097 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2021-46822 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-2122 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1925 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1924 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1923 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1922 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1921 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1920 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-34835 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-30767 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-30552 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-32208 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-32207 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-32206 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-32205 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |