OpenHarmony / security

2022-12.md 16.77 KB
louis.liuxu committed on 2022-12-05 17:03 . security bulletin in December 2022

Security Vulnerabilities in December 2022

published December 6, 2022
updated December 6, 2022

| Vulnerability ID | Related Vulnerability | Vulnerability Description | Vulnerability Impact | CVSS3.1 Base Score | Affected Versions | Affected Projects | Fix Link | Reference |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2022-1201 | CVE-2022-45877 | The PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. | Network attackers can bypass the authentication, which reduces the difficulty of man-in-the-middle attacks. | 8.3 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | distributedhardware_device_manager<br>applications_hap<br>security_device_auth | 3.1.x<br>3.1.x<br>3.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1202 | CVE-2022-41802 | The kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when SysClockGetres is called. | 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked. | 4.0 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS<br>OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS | kernel_liteos_a | 3.1.x<br>3.0.x<br>1.1.x | Reported by Researchers |
| OpenHarmony-SA-2022-1203 | CVE-2022-45126 | The kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when SysClockGettime is called. | 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked. | 4.0 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS<br>OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS | kernel_liteos_a | 3.1.x<br>3.0.x<br>1.1.x | Reported by Researchers |
| OpenHarmony-SA-2022-1204 | CVE-2022-43662 | The kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when SysTimerGettime is called. | 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked. | 4.0 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS<br>OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS | kernel_liteos_a | 3.1.x<br>3.0.x<br>1.1.x | Reported by Researchers |
| OpenHarmony-SA-2022-1205 | CVE-2022-44455 | The appspawn and nwebspawn services were found to be vulnerable to a buffer overflow due to insufficient input validation. | An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause an application crash. | 6.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | startup_appspawn | 3.1.x<br>3.0.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1206 | CVE-2022-45118 | Telephony in the communication subsystem sends public events containing personal data, but the required permission is not set on them. | Malicious apps could listen to these public events and obtain information such as mobile numbers and SMS data without holding any permission. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | telephony_state_registry<br>telephony_sms_mms | 3.1.x<br>3.1.x | Reported by OpenHarmony Team |
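The padding leak behind OpenHarmony-SA-2022-1202 through 1204, as an added example in C that is not OpenHarmony kernel code: a hypothetical 32-bit timespec-like struct whose 4 tail-padding bytes reach user space unchanged unless the object is zeroed before the copy. The struct layout, the stale-byte marker and the resolution value are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Stand-in for struct timespec on a 32-bit ARM EABI target like LiteOS-A:
 * 64-bit time_t then 32-bit long, 16 bytes total, bytes 12..15 are tail
 * padding that field assignment never writes (_Alignas forces that layout
 * on any host). Hypothetical layout, not the OpenHarmony kernel's code. */
struct ts32 {
    _Alignas(8) int64_t tv_sec;
    int32_t tv_nsec;                      /* + 4 bytes implicit padding */
};
#define TS32_SIZE  16
#define PAD_OFFSET 12
#define STALE_BYTE 0xAA                   /* constructed marker for stale stack data */

/* Leaky pattern: fields are assigned, padding keeps whatever was on the
 * kernel stack, and the whole object is copied out (memcpy models copy_to_user). */
void getres_leaky(uint8_t ubuf[TS32_SIZE]) {
    struct ts32 ts;
    memset(&ts, STALE_BYTE, sizeof ts);   /* deterministic stand-in for stale stack bytes */
    ts.tv_sec = 0;
    ts.tv_nsec = 1000000;                 /* constructed 1 ms resolution */
    memcpy(ubuf, &ts, sizeof ts);
}

/* Hardened pattern: zero the whole object before filling it, so padding
 * crosses the user boundary as zeros instead of kernel data. */
void getres_fixed(uint8_t ubuf[TS32_SIZE]) {
    struct ts32 ts;
    memset(&ts, STALE_BYTE, sizeof ts);   /* same simulated stale stack */
    memset(&ts, 0, sizeof ts);            /* the fix: clears padding too */
    ts.tv_sec = 0;
    ts.tv_nsec = 1000000;
    memcpy(ubuf, &ts, sizeof ts);
}

/* Self-check: count padding bytes handed to user space that still carry the marker. */
int leaked_padding_bytes(const uint8_t ubuf[TS32_SIZE]) {
    int n = 0;
    for (int i = PAD_OFFSET; i < TS32_SIZE; i++)
        if (ubuf[i] == STALE_BYTE) n++;
    return n;
}

/* Run one variant: 4 leaked bytes expected for the leaky path, 0 for the fix. */
int demo_leak_count(int hardened) {
    uint8_t ubuf[TS32_SIZE] = {0};
    if (hardened) getres_fixed(ubuf); else getres_leaky(ubuf);
    return leaked_padding_bytes(ubuf);
}
```

The same check applies to any kernel object copied out whole: zero it (or copy fields individually) rather than relying on field assignments, since those never touch padding.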

The following table lists the third-party library vulnerabilities, giving only the CVE, severity, affected OpenHarmony versions and fix link. For more details, see the security bulletins released by the respective third parties.

| CVE | Severity | Affected OpenHarmony Versions | Fix Link |
| --- | --- | --- | --- |
| CVE-2022-20422 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3303 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-42703 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-41222 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3239 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-20423 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-41850 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3586 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3625 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-42432 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3633 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3635 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3629 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3623 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3646 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3621 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3567 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-43750 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3545 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3523 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-2602 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3628 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-40768 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3566 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3577 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3606 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3649 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3564 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-20409 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-41849 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-20421 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3435 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-42719 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-42720 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-42721 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-42722 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-41674 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3535 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3521 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3524 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3534 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3542 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x |
| CVE-2022-3565 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3594 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<br>3.0.x |