OpenHarmony / security

2023-03.md 14.65 KB
louis.liuxu committed on 2023-04-03 17:23 . security bulletin in April 2023

Security Vulnerabilities in March 2023

published March 7, 2023
updated March 7, 2023

| Vulnerability ID | related Vulnerability | Vulnerability Description | Vulnerability Impact | CVSS3.1 Base Score | affected versions | affected projects | fix link | reference |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2023-0301 | CVE-2023-24465 | Communication Wi-Fi subsystem has a null pointer reference vulnerability when receiving external data. | Local attackers can exploit this vulnerability to cause the current application to crash. | 5.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | communication_wifi | 3.1.x<br>3.0.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2023-0302 | CVE-2023-25947 | The bundle management subsystem has improper input validation when installing a HAP package. | Local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | bundlemanager_bundle_framework | 3.1.x | Reported by OpenHarmony Team |

The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by the third parties.

| CVE | severity | affected OpenHarmony versions | fix link |
| --- | --- | --- | --- |
| CVE-2022-47946 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-2196 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2023-0047 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2023-23559 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3640 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-47929 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2023-0179 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2023-0394 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2023-23454 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2023-23455 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2023-0590 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2023-0615 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS | 3.1.x<br>3.0.x |
| CVE-2023-0045 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS | 3.1.x<br>3.0.x |
| CVE-2023-20938 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3176 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2023-0045 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3028 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS | 3.1.x<br>3.0.x |
| CVE-2020-36516 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release | 3.1.x |
| CVE-2022-3341 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS<br>OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS | 3.1.x<br>3.0.x<br>1.1.x |
| CVE-2022-4450 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS<br>OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS | 3.1.x<br>3.0.x<br>1.1.x |
| CVE-2023-0286 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS<br>OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS | 3.1.x<br>3.0.x<br>1.1.x |
| CVE-2023-0215 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS<br>OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS | 3.1.x<br>3.0.x<br>1.1.x |
| CVE-2022-4304 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS<br>OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS | 3.1.x<br>3.0.x<br>1.1.x |
| CVE-2021-41751 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS | 3.1.x<br>3.0.x |
| CVE-2021-43453 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS | 3.1.x<br>3.0.x |
| CVE-2022-1304 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2023-23914 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS<br>OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS | 3.1.x<br>3.0.x<br>1.1.x |
| CVE-2023-23915 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS<br>OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS | 3.1.x<br>3.0.x<br>1.1.x |
| CVE-2023-23916 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS<br>OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS | 3.1.x<br>3.0.x<br>1.1.x |
| CVE-2020-35538 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS | 3.1.x<br>3.0.x |
| CVE-2022-37434 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS | 3.1.x<br>3.0.x |