The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash.
References
| Link | Resource |
|---|---|
| https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md | Third Party Advisory |
| https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:28
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.8 |
| References | () https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md - Third Party Advisory |
09 Sep 2024, 12:21
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Openatom openharmony
Openatom |
|
| CPE | cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:* | |
| Summary |
|
Information
Published : 2022-12-08 16:15
Updated : 2024-11-21 07:28
NVD link : CVE-2022-44455
Mitre link : CVE-2022-44455
CVE.ORG link : CVE-2022-44455
JSON object : View
Products Affected
openatom
- openharmony
openharmony
- openharmony
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')