Published 2024.02.02
| CVE | Vulnerability description | Impact | CVSS 3.1 score | Affected versions | Affected repository | Fix link |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-49118 | SoftBus out-of-bounds read | A local attacker can use this vulnerability to cause information disclosure | 2.9 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | communication_dsoftbus | 3.2.x |
| CVE-2023-43756 | SoftBus out-of-bounds read | A local attacker can use this vulnerability to cause information disclosure | 2.9 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | communication_dsoftbus | 3.2.x |
| CVE-2023-45734 | SoftBus out-of-bounds write | A proximate attacker can use this vulnerability to execute code | 4.2 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | communication_dsoftbus | 3.2.x |
| CVE-2024-21860 | SoftBus use-after-free | A proximate attacker can use this vulnerability to execute code in any application | 8.2 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | communication_dsoftbus | 3.2.x, 4.0.x |
| CVE-2024-21845 | SoftBus integer overflow | A proximate attacker can use this vulnerability to cause a heap overflow | 2.9 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | communication_dsoftbus | 3.2.x, 4.0.x |
| CVE-2024-21851 | SoftBus integer overflow | A proximate attacker can use this vulnerability to cause a heap overflow | 2.9 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | communication_dsoftbus | 3.2.x, 4.0.x |
| CVE-2024-21863 | SoftBus incomplete data validation | A proximate attacker can use this vulnerability to cause DoS | 4.7 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | communication_dsoftbus | 3.2.x, 4.0.x |
| CVE-2024-0285 | SoftBus missing data-length check | A proximate attacker can use this vulnerability to cause DoS | 4.7 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | communication_ipc | 3.2.x, 4.0.x |

The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided.

| CVE | CVSS 3.1 score | Severity | Affected repository | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- | --- | --- |
| CVE-2023-5678 | 5.3 | Medium | third_party_openssl | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | 3.2.x |
| CVE-2023-44429 | 8.8 | High | third_party_gstreamer | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | 3.2.x |
| CVE-2023-44446 | 8.8 | High | third_party_gstreamer | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | 3.2.x |
| CVE-2023-6510 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | 3.2.x, 4.0.x |
| CVE-2023-6345 | 9.6 | Critical | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | 3.2.x, 4.0.x |
| CVE-2023-6347 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | 3.2.x, 4.0.x |
| CVE-2023-6508 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | 3.2.x, 4.0.x |
| CVE-2023-6817 | 7.8 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | 3.2.x, 4.0.x |
| CVE-2023-6931 | 7.8 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | 3.2.x, 4.0.x |
| CVE-2023-6932 | 7.0 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | 3.2.x, 4.0.x |
| CVE-2023-35001 | 7.8 | High | kernel_linux_5.10 | OpenHarmony-v4.0-Release | 4.0.x |
| CVE-2023-7104 | 7.3 | High | third_party_sqlite | OpenHarmony-v4.0-Release | 4.0.x |
| CVE-2023-6705 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | 3.2.x, 4.0.x |
| CVE-2023-6702 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | 3.2.x, 4.0.x |
| CVE-2023-6703 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | 3.2.x, 4.0.x |

After merging all security patches published this month and earlier, update the security patch tag to February, following the security patch tag update method for each maintenance version referenced below.

| Maintenance version | Reference link for the security patch modification method |
| --- | --- |
| 3.2.x | https://gitee.com/openharmony/startup_init/pulls/2478 |
| 4.0.x | https://gitee.com/openharmony/startup_init/pulls/2481 |