发布于2024.01.02

CVE	漏洞描述	漏洞影响	CVSS3.1基础得分	受影响的版本	受影响的仓库	修复链接
CVE-2023-47216	Liteos-A 资源未释放的漏洞	本地攻击者通过本漏洞造成DOS	2.9	OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2	third_party_musl	3.2.x
CVE-2023-49142	多媒体音频组件指针释放后使用的漏洞	本地攻击者通过本漏洞造成音频组件崩溃	4.0	OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2	multimedia_audio_framework	3.2.x
CVE-2023-47857	多媒体相机组件指针释放后使用的漏洞	本地攻击者通过本漏洞造成相机组件崩溃	4.0	OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2	multimedia_camera_framework	3.2.x
CVE-2023-49135	多媒体播放器组件指针释放后使用的漏洞	本地攻击者通过本漏洞造成播放器组件崩溃	4.0	OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2	multimedia_player_framework	3.2.x
CVE-2023-48360	多媒体播放器组件指针释放后使用的漏洞	本地攻击者通过本漏洞造成播放器组件崩溃	4.0	OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2	multimedia_player_framework	3.2.x

以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。

CVE	严重程度	CVSS 3.1得分	受影响的仓库	受影响的OpenHarmony版本	修复链接
CVE-2023-5849	8.8	高危	third_party_chromium	OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release	3.2.x 4.0.x
CVE-2023-5480	6.1	中危	third_party_chromium	OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release	3.2.x 4.0.x
CVE-2023-5482	8.8	高危	third_party_chromium	OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release	3.2.x 4.0.x
CVE-2023-5996	8.8	高危	third_party_chromium	OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release	3.2.x 4.0.x
CVE-2023-6112	8.8	高危	third_party_chromium	OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release	3.2.x 4.0.x
CVE-2023-5997	8.8	高危	third_party_chromium	OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release	3.2.x 4.0.x
CVE-2023-5717	7.8	高危	kernel_linux_5.10	OpenHarmony-v4.0-Release	4.0.x
CVE-2023-5363	7.5	中危	third_party_openssl	OpenHarmony-v4.0-Release	4.0.x
CVE-2022-46908	7.3	中危	third_party_sqlite	OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release	3.2.x
CVE-2023-40475	6.3	中危	third_party_gstreamer	OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release	3.2.x 4.0.x
CVE-2023-40476	8.3	高危	third_party_gstreamer	OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release	3.2.x 4.0.x
CVE-2023-5472	8.8	高危	third_party_chromium	OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release	3.2.x 4.0.x
CVE-2023-5484	6.5	中危	third_party_chromium	OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release OpenHarmony-v4.0-Release	3.2.x 4.0.x

如下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。

安全补丁标签	链接
2024年01月	[4.0.x]
	[3.2.x]