04 Jan '23
2023年01月安全漏洞
发布于2022.01.03
最后更新于2022.01.03
漏洞编号
相关漏洞
漏洞描述
漏洞影响
CVSS3.1基础得分
受影响的版本
受影响的仓库
修复链接
参考链接
OpenHarmony-SA-2023-0101
CVE-2023-0035
通信子系统软总线部件softbus_client_stub存在校验绕过漏洞,可发起SA中继攻击。
攻击者可在本地内发起攻击,造成校验绕过,可进一步提权攻击其他SA。
6.5
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
communication_dsoftbus
3.0.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/2140>
本项目组上报
OpenHarmony-SA-2023-0102
CVE-2023-0036
杂散子系统输入法部件platform_callback_stub存在校验绕过漏洞,可发起SA中继攻击。
攻击者可在本地内发起攻击,造成校验绕过,可进一步提权攻击其他SA。
6.5
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
inputmethod_imf
3.0.x<https://gitee.com/openharmony/inputmethod_imf/pulls/228>
本项目组上报
以下为三方库漏洞,只提供CVE、严重程度、受影响的OpenHarmony版本,详细信息请参考三方公告。
CVE
严重程度
受影响的OpenHarmony版本
修复链接
CVE-2021-3782
严重
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.0.x<https://gitee.com/openharmony/third_party_wayland_standard/pulls/22>
CVE-2022-3046
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3041
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3040
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3039
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3038
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3057
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3195
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3054
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3075
严重
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3373
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3370
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3311
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3316
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3315
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3304
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-43680
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_expat/pulls/23>
3.0.x<https://gitee.com/openharmony/third_party_expat/pulls/22>
CVE-2022-32221
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/91>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/90>
CVE-2022-42916
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/91>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/90>
CVE-2022-42915
严重
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/91>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/90>
CVE-2022-44638
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/third_party_pixman/pulls/11>
3.0.x<https://gitee.com/openharmony/third_party_pixman/pulls/12>
CVE-2022-40284
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/third_party_ntfs-3g/pulls/33>
CVE-2022-40303
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/third_party_libxml2/pulls/31>
3.0.x<https://gitee.com/openharmony/third_party_libxml2/pulls/32>
CVE-2022-40304
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/third_party_libxml2/pulls/31>
3.0.x<https://gitee.com/openharmony/third_party_libxml2/pulls/32>
CVE-2022-37454
严重
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/35>
CVE-2022-42919
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/36>
CVE-2022-45061
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/37>
CVE-2020-10735
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/26>
CVE-2022-3169
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/553>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/561>
CVE-2022-42895
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/544>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/545>
CVE-2022-42896
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/544>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/545>
CVE-2022-41858
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/569>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/570>
CVE-2022-45934
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
CVE-2022-4139
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/567>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/568>
CVE-2022-20566
低
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/582>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/583>
CVE-2022-4378
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
Security Vulnerabilities in January 2023
published January 3,2023
updated January 3,2023
Vulnerability ID
related Vulnerability
Vulnerability Description
Vulnerability Impact
CVSS3.1 Base Score
affected versions
affected projects
fix link
reference
OpenHarmony-SA-2023-0101
CVE-2023-0035
softbus_client_stub in communication subsystem has an authentication bypass vulnerability which allows an "SA relay attack".
Local attackers can bypass authentication and attack other SAs with high privilege.
6.5
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
communication_dsoftbus
3.0.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/2140>
Reported by OpenHarmony Team
OpenHarmony-SA-2023-0102
CVE-2023-0036
platform_callback_stub in misc subsystem has an authentication bypass vulnerability which allows an "SA relay attack".
Local attackers can bypass authentication and attack other SAs with high privilege.
6.5
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
inputmethod_imf
3.0.x<https://gitee.com/openharmony/inputmethod_imf/pulls/228>
Reported by OpenHarmony Team
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties.
CVE
severity
affected OpenHarmony versions
fix link
CVE-2021-3782
Critical
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.0.x<https://gitee.com/openharmony/third_party_wayland_standard/pulls/22>
CVE-2022-3046
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3041
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3040
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3039
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3038
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3057
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3195
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3054
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3075
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3373
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3370
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3311
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3316
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3315
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3304
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-43680
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_expat/pulls/23>
3.0.x<https://gitee.com/openharmony/third_party_expat/pulls/22>
CVE-2022-32221
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/91>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/90>
CVE-2022-42916
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/91>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/90>
CVE-2022-42915
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/91>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/90>
CVE-2022-44638
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/third_party_pixman/pulls/11>
3.0.x<https://gitee.com/openharmony/third_party_pixman/pulls/12>
CVE-2022-40284
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/third_party_ntfs-3g/pulls/33>
CVE-2022-40303
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/third_party_libxml2/pulls/31>
3.0.x<https://gitee.com/openharmony/third_party_libxml2/pulls/32>
CVE-2022-40304
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/third_party_libxml2/pulls/31>
3.0.x<https://gitee.com/openharmony/third_party_libxml2/pulls/32>
CVE-2022-37454
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/35>
CVE-2022-42919
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/36>
CVE-2022-45061
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/37>
CVE-2020-10735
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/26>
CVE-2022-3169
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/553>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/561>
CVE-2022-42895
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/544>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/545>
CVE-2022-42896
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/544>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/545>
CVE-2022-41858
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/569>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/570>
CVE-2022-45934
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
CVE-2022-4139
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/567>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/568>
CVE-2022-20566
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/582>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/583>
CVE-2022-4378
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
1
0