[Security-bulletin] OpenHarmony 2023年03月安全公告 Security Vulnerabilities in March 2023

7 Mar 2023

      2023年03月安全漏洞

发布于2023.03.07
最后更新于2023.03.07
漏洞编号

相关漏洞

漏洞描述

漏洞影响

CVSS3.1基础得分

受影响的版本

受影响的仓库

修复链接

参考链接

OpenHarmony-SA-2023-0301

CVE-2023-24465

WLAN组件子系统通信设备服务的一个接口，在接受外部数据时存在空指针引用。

本地攻击者利用此漏洞，可导致当前应用crash。

5.5

OpenHarmony-v3.1-Release 到 OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS 到 OpenHarmony-v3.0.7-LTS

communication_wifi

3.1.x<https://gitee.com/openharmony/communication_wifi/pulls/788>
3.0.x<https://gitee.com/openharmony/communication_wifi/pulls/862>

本项目组上报

OpenHarmony-SA-2023-0302

CVE-2023-25947

包管理模块存在安装hap包时没有做有效性判断的漏洞。

本地攻击者利用此漏洞构造非法数据，在安装hap包时可以导致系统无响应。

6.2

OpenHarmony-v3.1-Release 到 OpenHarmony-v3.1.4-Release

bundlemanager_bundle_framework

3.1.x<https://gitee.com/openharmony/bundlemanager_bundle_framework/pulls/3094>

本项目组上报

以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。
CVE

严重程度

受影响的OpenHarmony版本

修复链接

CVE-2022-47946

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647>

CVE-2022-2196

低

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/665>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/666>

CVE-2023-0047

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/631>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/632>

CVE-2023-23559

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662>

CVE-2022-3640

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/659>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/660>

CVE-2022-47929

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/677>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/678>

CVE-2023-0179

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662>

CVE-2023-0394

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/677>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/678>

CVE-2023-23454

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662>

CVE-2023-23455

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662>

CVE-2023-0590

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/687>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/688>

CVE-2023-0615

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/696>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/697>

CVE-2023-0045

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/696>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/697>

CVE-2023-20938

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/696>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/697>

CVE-2022-3176

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/553>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/561>

CVE-2023-0045

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/96>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/97>

CVE-2022-3028

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/98>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/99>

CVE-2020-36516

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/682>

CVE-2022-3341

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS
OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS

3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/74>
3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/73>
1.1.x<https://gitee.com/openharmony/device_hisilicon_third_party_ffmpeg/pulls/19>

CVE-2022-4450

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS
OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS

3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/80>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/81>
1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/82>

CVE-2023-0286

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS

3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/83>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/85>
1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/86>

CVE-2023-0215

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS

3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/83>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/85>
1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/86>

CVE-2022-4304

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS

3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/87>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/88>
1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/89>

CVE-2021-41751

严重

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS

3.1.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/101>
3.0.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/102>

CVE-2021-43453

严重

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS

3.1.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/103>
3.0.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/104>

CVE-2022-1304

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/third_party_e2fsprogs/pulls/51>
3.0.x<https://gitee.com/openharmony/third_party_e2fsprogs/pulls/52>

CVE-2023-23914

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS

3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/110>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/111>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/112>

CVE-2023-23915

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS

3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/110>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/111>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/112>

CVE-2023-23916

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS

3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/110>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/111>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/112>

CVE-2020-35538

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS

3.1.x<https://gitee.com/openharmony/third_party_flutter/pulls/250>
3.0.x<https://gitee.com/openharmony/third_party_flutter/pulls/251>

CVE-2022-37434

严重

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS

3.1.x<https://gitee.com/openharmony/third_party_flutter/pulls/247>
3.0.x<https://gitee.com/openharmony/third_party_flutter/pulls/248>

Security Vulnerabilities in Feburary 2023

published March 7,2023
updated March 7,2023
Vulnerability ID

related Vulnerability

Vulnerability Description

Vulnerability Impact

CVSS3.1 Base Score

affected versions

affected projects

fix link

reference

OpenHarmony-SA-2023-0301

CVE-2023-24465

Communication Wi-Fi subsystem has a null pointer reference vulnerability when receiving external data.

Local attackers can exploit this vulnerability to cause the current application to crash.

5.5

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS

communication_wifi

3.1.x<https://gitee.com/openharmony/communication_wifi/pulls/788>
3.0.x<https://gitee.com/openharmony/communication_wifi/pulls/862>

Reported by OpenHarmony Team

OpenHarmony-SA-2023-0302

CVE-2023-25947

The bundle management subsystem has a improper input validation when installing a HAP package.

Local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package.

6.2

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release

bundlemanager_bundle_framework

3.1.x<https://gitee.com/openharmony/bundlemanager_bundle_framework/pulls/3094>

Reported by OpenHarmony Team

The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties.
CVE

severity

affected OpenHarmony versions

fix link

CVE-2022-47946

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647>

CVE-2022-2196

Low

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/665>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/666>

CVE-2023-0047

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/631>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/632>

CVE-2023-23559

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662>

CVE-2022-3640

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/659>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/660>

CVE-2022-47929

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/677>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/678>

CVE-2023-0179

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662>

CVE-2023-0394

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/677>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/678>

CVE-2023-23454

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662>

CVE-2023-23455

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662>

CVE-2023-0590

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/687>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/688>

CVE-2023-0615

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/696>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/697>

CVE-2023-0045

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/696>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/697>

CVE-2023-20938

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/696>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/697>

CVE-2022-3176

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/553>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/561>

CVE-2023-0045

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/96>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/97>

CVE-2022-3028

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/98>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/99>

CVE-2020-36516

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/682>

CVE-2022-3341

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS

3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/74>
3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/73>
1.1.x<https://gitee.com/openharmony/device_hisilicon_third_party_ffmpeg/pulls/19>

CVE-2022-4450

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS

3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/80>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/81>
1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/82>

CVE-2023-0286

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS

3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/83>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/85>
1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/86>

CVE-2023-0215

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS

3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/83>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/85>
1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/86>

CVE-2022-4304

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS

3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/87>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/88>
1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/89>

CVE-2021-41751

Critical

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS

3.1.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/101>
3.0.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/102>

CVE-2021-43453

Critical

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS

3.1.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/103>
3.0.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/104>

CVE-2022-1304

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS

3.1.x<https://gitee.com/openharmony/third_party_e2fsprogs/pulls/51>
3.0.x<https://gitee.com/openharmony/third_party_e2fsprogs/pulls/52>

CVE-2023-23914

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS

3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/110>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/111>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/112>

CVE-2023-23915

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS

3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/110>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/111>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/112>

CVE-2023-23916

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS

3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/110>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/111>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/112>

CVE-2020-35538

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS

3.1.x<https://gitee.com/openharmony/third_party_flutter/pulls/250>
3.0.x<https://gitee.com/openharmony/third_party_flutter/pulls/251>

CVE-2022-37434

Critical

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS

3.1.x<https://gitee.com/openharmony/third_party_flutter/pulls/247>
3.0.x<https://gitee.com/openharmony/third_party_flutter/pulls/248>

[Security-bulletin] OpenHarmony 2023年03月安全公告 Security Vulnerabilities in March 2023

Liuxu (louis)