Security-bulletin

security@openharmony.io

January 2024

1 participants
1 discussions

2024年1月安全公告
by 王晨 02 Jan '24

02 Jan '24

发布于2024.01.02 CVE漏洞描述漏洞影响CVSS3.1基础得分受影响的版本受影响的仓库修复链接 CVE-2023-47216Liteos-A 资源未释放的漏洞本地攻击者通过本漏洞造成DOS2.9OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2third_party_musl3.2.x CVE-2023-49142多媒体音频组件指针释放后使用的漏洞本地攻击者通过本漏洞造成音频组件崩溃4.0OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2multimedia_audio_framework3.2.x CVE-2023-47857多媒体相机组件指针释放后使用的漏洞本地攻击者通过本漏洞造成相机组件崩溃4.0OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2multimedia_camera_framework3.2.x CVE-2023-49135多媒体播放器组件指针释放后使用的漏洞本地攻击者通过本漏洞造成播放器组件崩溃4.0OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2multimedia_player_framework3.2.x CVE-2023-48360多媒体播放器组件指针释放后使用的漏洞本地攻击者通过本漏洞造成播放器组件崩溃4.0OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2multimedia_player_framework3.2.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2023-58498.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release3.2.x 4.0.x CVE-2023-54806.1中危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release3.2.x 4.0.x CVE-2023-54828.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release3.2.x 4.0.x CVE-2023-59968.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release3.2.x 4.0.x CVE-2023-61128.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release3.2.x 4.0.x CVE-2023-59978.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release3.2.x 4.0.x CVE-2023-57177.8高危kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-53637.5中危third_party_opensslOpenHarmony-v4.0-Release4.0.x CVE-2022-469087.3中危third_party_sqliteOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release3.2.x CVE-2023-404756.3中危third_party_gstreamerOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release3.2.x 4.0.x CVE-2023-404768.3高危third_party_gstreamerOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release3.2.x 4.0.x CVE-2023-54728.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release3.2.x 4.0.x CVE-2023-54846.5中危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release3.2.x 4.0.x 如下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。安全补丁标签链接 2024年01月[4.0.x] [3.2.x]

1 0