zh/security-disclosure/2024/2024-02.md · OpenHarmony/security

## 2024年02月安全漏洞
_发布于2024.02.02_ 
_最后更新于2024.02.02_

| CVE | 漏洞描述 | 漏洞影响 | CVSS3.1基础得分 | 受影响的版本 | 受影响的仓库 | 修复链接 |
| -------------- | -------- | -------- | --------------- | ------------ | ------------ | -------- |
| CVE-2023-49118 | 软总线越界读漏洞 | 本地攻击者通过本漏洞造成信息泄露 | 2.9 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release | communication_dsoftbus | [3.2.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/4799) |
| CVE-2023-43756 | 软总线越界读漏洞 | 本地攻击者通过本漏洞造成信息泄露 | 2.9 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release | communication_dsoftbus | [3.2.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/4835) |
| CVE-2023-45734 | 软总线越界写漏洞 | 近场攻击者通过本漏洞执行代码 | 4.2 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release | communication_dsoftbus | [3.2.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/4799) |
| CVE-2024-21860 | 软总线释放后使用漏洞 | 近场攻击者通过本漏洞在任意应用中执行代码 | 8.2 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | communication_dsoftbus | [3.2.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/4832) [4.0.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/4833) |
| CVE-2024-21845 | 软总线整数溢出漏洞 | 近场攻击者通过本漏洞造成堆溢出 | 2.9 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | communication_dsoftbus | [3.2.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/4811) [4.0.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/4902) |
| CVE-2024-21851 | 软总线整数溢出漏洞 | 近场攻击者通过本漏洞造成堆溢出 | 2.9 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | communication_dsoftbus | [3.2.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/4811) [4.0.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/4902) |
| CVE-2024-21863 | 软总线数据校验不完善的漏洞 | 近场攻击者通过本漏洞造成DOS | 4.7 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | communication_dsoftbus | [3.2.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/4864) [4.0.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/4877) |
| CVE-2024-0285 | 软总线未判断数据长度的漏洞 | 近场攻击者通过本漏洞造成DOS | 4.7 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | communication_ipc | [3.2.x](https://gitee.com/openharmony/communication_ipc/pulls/907) [4.0.x](https://gitee.com/openharmony/communication_ipc/pulls/908) |

### 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。

| CVE | 严重程度 | CVSS 3.1得分 |受影响的仓库 | 受影响的OpenHarmony版本 | 修复链接 |
| -------------- | -------- | ------------ |-------------| ------------------------------------------------------------ | ------------------------------------------------------ |
| CVE-2023-5678 | 中危 |5.3 | third_party_openssl | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release | [3.2.x](https://gitee.com/openharmony/third_party_openssl/pulls/158) |
| CVE-2023-44429 | 高危 |8.8 | third_party_gstreamer | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release | [3.2.x](https://gitee.com/openharmony/third_party_gstreamer/pulls/356) |
| CVE-2023-44446 | 高危 |8.8 | third_party_gstreamer | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release | [3.2.x](https://gitee.com/openharmony/third_party_gstreamer/pulls/356) |
| CVE-2023-6510 | 高危 |8.8 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [3.2.x](https://gitee.com/openharmony/web_webview/pulls/1253) [4.0.x](https://gitee.com/openharmony/web_webview/pulls/1254) |
| CVE-2023-6345 | 致命 |9.6 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [3.2.x](https://gitee.com/openharmony/web_webview/pulls/1253) [4.0.x](https://gitee.com/openharmony/web_webview/pulls/1254) |
| CVE-2023-6347 | 高危 |8.8 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [3.2.x](https://gitee.com/openharmony/web_webview/pulls/1253) [4.0.x](https://gitee.com/openharmony/web_webview/pulls/1254) |
| CVE-2023-6508 | 高危 |8.8 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [3.2.x](https://gitee.com/openharmony/web_webview/pulls/1253) [4.0.x](https://gitee.com/openharmony/web_webview/pulls/1254) |
| CVE-2023-6817 | 高危 |7.8 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/1205) [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/1206) |
| CVE-2023-6931 | 高危 |7.8 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/1223) [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/1222) |
| CVE-2023-6932 | 高危 |7.0 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/1223) [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/1222) |
| CVE-2023-35001 | 高危 |7.8 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/970) |
| CVE-2023-7104 | 高危 |7.3 | third_party_sqlite | OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/third_party_sqlite/pulls/92) |
| CVE-2023-6705 | 高危 |8.8 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [3.2.x](https://gitee.com/openharmony/web_webview/pulls/1281) [4.0.x](https://gitee.com/openharmony/web_webview/pulls/1282) |
| CVE-2023-6702 | 高危 |8.8 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [3.2.x](https://gitee.com/openharmony/web_webview/pulls/1281) [4.0.x](https://gitee.com/openharmony/web_webview/pulls/1282) |
| CVE-2023-6703 | 高危 |8.8 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [3.2.x](https://gitee.com/openharmony/web_webview/pulls/1281) [4.0.x](https://gitee.com/openharmony/web_webview/pulls/1282) |

### 如下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。

<table>
	<tr>
		<td style="font-weight: bold">安全补丁标签</td>
		<td style="font-weight: bold">链接</td>
	</tr>
	<tr>
		<td rowspan="3">2024年02月</td>
		<td><a href="https://gitee.com/openharmony/startup_init/pulls/2481">[4.0.x]</a></td>
	</tr>
	<tr>
		<td><a href="https://gitee.com/openharmony/startup_init/pulls/2478">[3.2.x]</a></td>
	</tr>
</table>

OpenHarmony/security

About

Releases

Contributors

Activities

OpenHarmony/security .gitee-modal { width: 500px !important; }

About

Releases

The Open Source Evaluation Index is derived from the OSS Compass evaluation system, which evaluates projects around the following three dimensions

Contributors

Activities

Search

OpenHarmony/security