Описание
The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.1 (включая) до 3.1.2 (включая)Версия от 3.0 (включая) до 3.0.6 (включая)
Одно из
cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*
cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:*
EPSS
Процентиль: 20%
0.00063
Низкий
6.8 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-120
CWE-120
Связанные уязвимости
CVSS3: 7.8
github
около 3 лет назад
The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash.
EPSS
Процентиль: 20%
0.00063
Низкий
6.8 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-120
CWE-120