2023年03月安全漏洞

发布于2023.03.07
最后更新于2023.03.07

漏洞编号	相关漏洞	漏洞描述	漏洞影响	CVSS3.1基础得分	受影响的版本	受影响的仓库	修复链接	参考链接
OpenHarmony-SA-2023-0301	CVE-2023-24465	WLAN组件子系统通信设备服务的一个接口，在接受外部数据时存在空指针引用。	本地攻击者利用此漏洞，可导致当前应用crash。	5.5	OpenHarmony-v3.1-Release 到 OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS 到 OpenHarmony-v3.0.7-LTS	communication_wifi	3.1.x 3.0.x	本项目组上报
OpenHarmony-SA-2023-0302	CVE-2023-25947	包管理模块存在安装hap包时没有做有效性判断的漏洞。	本地攻击者利用此漏洞构造非法数据，在安装hap包时可以导致系统无响应。	6.2	OpenHarmony-v3.1-Release 到 OpenHarmony-v3.1.4-Release	bundlemanager_bundle_framework	3.1.x	本项目组上报

以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。

CVE	严重程度	受影响的OpenHarmony版本	修复链接
CVE-2022-47946	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2022-2196	低	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-0047	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-23559	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2022-3640	高	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2022-47929	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-0179	高	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-0394	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-23454	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-23455	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-0590	高	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-0615	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS	3.1.x 3.0.x
CVE-2023-0045	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS	3.1.x 3.0.x
CVE-2023-20938	高	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS	3.1.x 3.0.x
CVE-2022-3176	高	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-0045	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS	3.1.x 3.0.x
CVE-2022-3028	高	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS	3.1.x 3.0.x
CVE-2020-36516	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release	3.1.x
CVE-2022-3341	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS	3.1.x 3.0.x 1.1.x
CVE-2022-4450	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS	3.1.x 3.0.x 1.1.x
CVE-2023-0286	高	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS	3.1.x 3.0.x 1.1.x
CVE-2023-0215	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS	3.1.x 3.0.x 1.1.x
CVE-2022-4304	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS	3.1.x 3.0.x 1.1.x
CVE-2021-41751	严重	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS	3.1.x 3.0.x
CVE-2021-43453	严重	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS	3.1.x 3.0.x
CVE-2022-1304	高	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-23914	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS	3.1.x 3.0.x 1.1.x
CVE-2023-23915	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS	3.1.x 3.0.x 1.1.x
CVE-2023-23916	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS	3.1.x 3.0.x 1.1.x
CVE-2020-35538	中	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS	3.1.x 3.0.x
CVE-2022-37434	严重	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS	3.1.x 3.0.x

Security Vulnerabilities in Feburary 2023

published March 7,2023
updated March 7,2023

Vulnerability ID	related Vulnerability	Vulnerability Description	Vulnerability Impact	CVSS3.1 Base Score	affected versions	affected projects	fix link	reference
OpenHarmony-SA-2023-0301	CVE-2023-24465	Communication Wi-Fi subsystem has a null pointer reference vulnerability when receiving external data.	Local attackers can exploit this vulnerability to cause the current application to crash.	5.5	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS	communication_wifi	3.1.x 3.0.x	Reported by OpenHarmony Team
OpenHarmony-SA-2023-0302	CVE-2023-25947	The bundle management subsystem has a improper input validation when installing a HAP package.	Local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package.	6.2	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release	bundlemanager_bundle_framework	3.1.x	Reported by OpenHarmony Team

The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties.

CVE	severity	affected OpenHarmony versions	fix link
CVE-2022-47946	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2022-2196	Low	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-0047	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-23559	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2022-3640	High	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2022-47929	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-0179	High	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-0394	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-23454	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-23455	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-0590	High	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-0615	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS	3.1.x 3.0.x
CVE-2023-0045	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS	3.1.x 3.0.x
CVE-2023-20938	High	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS	3.1.x 3.0.x
CVE-2022-3176	High	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-0045	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS	3.1.x 3.0.x
CVE-2022-3028	High	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS	3.1.x 3.0.x
CVE-2020-36516	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release	3.1.x
CVE-2022-3341	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS	3.1.x 3.0.x 1.1.x
CVE-2022-4450	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS	3.1.x 3.0.x 1.1.x
CVE-2023-0286	High	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS	3.1.x 3.0.x 1.1.x
CVE-2023-0215	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS	3.1.x 3.0.x 1.1.x
CVE-2022-4304	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS	3.1.x 3.0.x 1.1.x
CVE-2021-41751	Critical	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS	3.1.x 3.0.x
CVE-2021-43453	Critical	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS	3.1.x 3.0.x
CVE-2022-1304	High	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS	3.1.x 3.0.x
CVE-2023-23914	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS	3.1.x 3.0.x 1.1.x
CVE-2023-23915	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS	3.1.x 3.0.x 1.1.x
CVE-2023-23916	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS	3.1.x 3.0.x 1.1.x
CVE-2020-35538	Medium	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS	3.1.x 3.0.x
CVE-2022-37434	Critical	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS	3.1.x 3.0.x