Security-bulletin
August 2022
security@openharmony.io
OpenHarmony August Security Bulletin: Security Vulnerabilities in August 2022
by Liuxu (louis)
Security Vulnerabilities in August 2022

Published August 2, 2022

| Vulnerability ID | Related Vulnerability | Vulnerability Description | Vulnerability Impact | Affected Versions | Affected Projects | Fix Link | Reference |
| --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2022-0801 | NA | DecodeUCS2Data in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability. | Network attackers can access illegal memory and crash the process. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | telephony_sms_mms | 3.0.x: https://gitee.com/openharmony/telephony_sms_mms/pulls/404 ; 3.1.x: https://gitee.com/openharmony/telephony_sms_mms/pulls/355 | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0802 | NA | DecodeGSMData in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability. | Network attackers can access illegal memory and crash the process. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | telephony_sms_mms | 3.0.x: https://gitee.com/openharmony/telephony_sms_mms/pulls/404 ; 3.1.x: https://gitee.com/openharmony/telephony_sms_mms/pulls/355 | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0803 | NA | DecodeAddress in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability. | Network attackers can access illegal memory and crash the process. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | telephony_sms_mms | 3.0.x: https://gitee.com/openharmony/telephony_sms_mms/pulls/404 ; 3.1.x: https://gitee.com/openharmony/telephony_sms_mms/pulls/355 | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0804 | NA | Decode8bitData in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability. | Network attackers can access illegal memory and crash the process. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | telephony_sms_mms | 3.0.x: https://gitee.com/openharmony/telephony_sms_mms/pulls/404 ; 3.1.x: https://gitee.com/openharmony/telephony_sms_mms/pulls/355 | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0806 | NA | The SendMessage interface of the dsoftbus (distributed softbus) component of the communication subsystem has a permission bypass vulnerability. | Local attackers can bypass the permission check and then write arbitrary data to devices on the local network. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | communication_dsoftbus | 3.0.x: https://gitee.com/openharmony/communication_dsoftbus/pulls/1668 | Reported by OpenHarmony Team |

The following table lists the third-party library vulnerabilities. Only the CVE, severity, and affected OpenHarmony versions are provided; for details, see the security bulletins released by the third parties.

| CVE | Severity | Affected OpenHarmony Versions | Fix Link |
| --- | --- | --- | --- |
| CVE-2022-1729 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/255 ; 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/299 |
| CVE-2022-29581 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/255 ; 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/299 |
| CVE-2022-20008 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/241 ; 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/214 |
| CVE-2022-1195 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/241 ; 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/214 |
| CVE-2022-1516 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/241 ; 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/214 |
| CVE-2022-30594 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/241 ; 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/214 |
| CVE-2022-1012 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/237 ; 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/224 |
| CVE-2022-29824 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | 3.0.x: https://gitee.com/openharmony/third_party_libxml2/pulls/23 ; 3.1.x: https://gitee.com/openharmony/third_party_libxml2/pulls/21 |
| CVE-2022-1475 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | 3.0.x: https://gitee.com/openharmony/third_party_ffmpeg/pulls/41 ; 3.1.x: https://gitee.com/openharmony/third_party_ffmpeg/pulls/36 |
| CVE-2022-27406 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.0.x: https://gitee.com/openharmony/third_party_freetype/pulls/17 ; 3.1.x: not fixed |
| CVE-2022-27404 | Critical | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.0.x: https://gitee.com/openharmony/third_party_freetype/pulls/17 ; 3.1.x: not fixed |
| CVE-2022-1974 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/260 ; 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/302 |
| CVE-2022-1734 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v3.1-Release | 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/260 ; 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/214 |
| CVE-2022-1199 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/260 ; 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/333 |
| CVE-2022-1966 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/258 ; 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/332 |
| CVE-2022-1786 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/258 ; 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/332 |
| CVE-2022-1280 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/233 |
| CVE-2022-45868 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/233 |