CVE-2023-0083

Published: Mar 10, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash.

Affected (2)

Products: Openatom: Openharmony

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openatom Openharmony	From 3.1 to 3.1.5
Openatom Openharmony	From 3.0 to 3.0.7

Related CWEs

Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (2)

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md

Source: scy@openharmony.io

Third Party Advisory

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.