CVE-2022-44455

CVSS V2 None CVSS V3 None
Description
The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash.
Overview
  • CVE ID
  • CVE-2022-44455
  • Assigner
  • scy@openharmony.io
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-08T16:15:13
  • Last Modified Date
  • 2022-12-12T15:49:43
Weakness Enumerations
CWE URL
CWE-120 http://cwe.mitre.org/data/definitions/120.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:openharmony:openharmony:*:*:*:*:lts:*:*:* 1 OR 3.0 3.0.6
cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:* 1 OR 3.1 3.1.2
References
Reference URL Reference Tags
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-44455
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44455
History
Created Old Value New Value Data Type Notes
2022-12-08 17:16:14 Added to TrackCVE
2022-12-10 02:15:04 2022-12-08T16:15:13.413 2022-12-08T16:15:13 CVE Published Date updated
2022-12-10 02:15:04 2022-12-08T16:29:05 CVE Modified Date updated
2022-12-10 02:15:04 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-10 05:35:39 Undergoing Analysis Awaiting Analysis Vulnerability Status updated
2022-12-12 12:24:10 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-12 16:16:20 2022-12-12T15:49:43 CVE Modified Date updated
2022-12-12 16:16:20 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-12 16:16:20 CWE-120 Weakness Enumeration new
2022-12-12 16:16:22 CPE Information updated