OpenHarmony / security

2022-09.md 19.59 KB
louis.liuxu authored 2022-10-27 17:30 . modify fix links

Security Vulnerabilities in September 2022

Published September 6, 2022
Updated October 27, 2022

| Vulnerability ID | Related vulnerability | Vulnerability description | Vulnerability impact | CVSS3.1 base score | Affected versions | Affected projects | Fix link | Reference |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2022-0901 | CVE-2022-36423 | Incorrect configuration of the cJSON library leads to a stack overflow vulnerability during recursive parsing. | LAN attackers can launch a DoS attack against all network devices. | 7.4 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS<br>OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS | third_party_cJSON | 3.1.x<br>3.1.x<br>3.0.x<br>3.0.x<br>1.1.x<br>1.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0902 | CVE-2022-38081 | Tokensync in the security subsystem has a permission bypass vulnerability. | LAN attackers can bypass the distributed permission control. To take advantage of this weakness, attackers need another vulnerability to obtain system. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | security_access_token | 3.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0903 | CVE-2022-38701 | IPC in the communication subsystem has a heap overflow vulnerability. | Local attackers can trigger a heap overflow and get network sensitive information. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | communication_dsoftbus | 3.1.x<br>3.0.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0904 | CVE-2022-38064 | windowmanager in the window subsystem has a permission bypass vulnerability. | Local attackers can bypass permission control and get sensitive information. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | windowmanager | 3.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0905 | CVE-2022-38700 | The multimedia subsystem has a permission bypass vulnerability. | LAN attackers can bypass permission control and get control of the camera service. | 8.8 | OpenHarmony-v3.1-Release | multimedia_camera_framework | 3.1.x | Reported by OpenHarmony Team |

The following table lists the third-party library vulnerabilities, giving only the CVE, severity, and affected OpenHarmony versions. For more details, see the security bulletins released by the third parties.

| CVE | Severity | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- |
| CVE-2022-34918 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-33981 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-33743 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-33742 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-33741 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-33740 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-32981 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-32296 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-32250 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-29582 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-27666 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.0.x |
| CVE-2022-26365 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-2380 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-2318 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-2153 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-21499 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-21166 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-21125 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-21123 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-20154 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-20153 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-20141 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-20132 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-20009 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.0.x |
| CVE-2022-1998 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1975 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1972 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1852 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-1836 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1789 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-1652 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-1508 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1205 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1204 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1198 | Medium | OpenHarmony-v3.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.1.x<br>3.0.x |
| CVE-2022-0644 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2021-45868 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.0.x |
| CVE-2021-4135 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2021-33061 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2021-28713 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2021-28712 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2021-28711 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2021-26401 | Medium | OpenHarmony-v3.1-Release | 3.1.x |
| CVE-2022-37434 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS<br>OpenHarmony-v1.1.1-LTS through OpenHarmony-v1.1.5-LTS | 3.1.x<br>3.0.x<br>1.1.x |
| CVE-2022-1587 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-1586 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-2097 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-2068 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30789 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30788 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30787 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30786 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30785 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30784 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30783 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2021-46790 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-32215 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-32213 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-32212 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-2097 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2021-46822 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-2122 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1925 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1924 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1923 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1922 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1921 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1920 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-34835 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-30767 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-30552 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-32208 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-32207 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-32206 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |
| CVE-2022-32205 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<br>3.0.x |