louis.liuxu committed on 2022-10-31 17:26: security bulletin in November 2022

Security Vulnerabilities in November 2022

published November 1, 2022
updated November 1, 2022

| Vulnerability ID | related Vulnerability | Vulnerability Description | Vulnerability Impact | CVSS3.1 Base Score | affected versions | affected projects | fix link | reference |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2022-1101 | CVE-2022-43451 | Multiple path traversal in appspawn and nwebspawn services. | Local attackers can create arbitrary directories or escape the application sandbox. If chained with other vulnerabilities, it would allow an unprivileged process to gain full root privileges. | 8.4 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | startup_appspawn | 3.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1102 | CVE-2022-43449 | Arbitrary file read via download_server. | Local attackers can install a malicious application on the device and reveal any file from the filesystem that is accessible to the download_server service, which runs with UID 1000. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | request_request | 3.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1103 | CVE-2022-43495 | An abnormal packet received when distributedhardware_device_manager is joining a network could cause a device reboot. | Network attackers can send an abnormal packet when joining a network, causing a nullptr reference and a device reboot. | 6.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | distributedhardware_device_manager | 3.1.x | Reported by OpenHarmony Team |

The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by the third parties.

| CVE | severity | affected OpenHarmony versions | fix link |
| --- | --- | --- | --- |
| CVE-2022-2295 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2294 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-26373 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-23816 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-29901 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-29900 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-2481 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x |
| CVE-2022-2480 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2478 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2477 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-30790 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS<br>OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.4-LTS | 3.1.x<br>3.1.x<br>3.0.x<br>3.0.x<br>1.1.x |
| CVE-2022-1462 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1184 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-2663 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-39190 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-39189 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-40674 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3202 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3199 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x |