The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash.
References
Link | Resource |
---|---|
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Dec 2022, 15:49
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-120 | |
First Time |
Openharmony
Openharmony openharmony |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | (MISC) https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md - Third Party Advisory | |
CPE | cpe:2.3:a:openharmony:openharmony:*:*:*:*:lts:*:*:* cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:* |
08 Dec 2022, 16:29
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-08 16:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-44455
Mitre link : CVE-2022-44455
CVE.ORG link : CVE-2022-44455
JSON object : View
Products Affected
openharmony
- openharmony
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')