- Description
- The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash.
- Source
- scy@openharmony.io
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C026D184-A8AE-4DE6-A339-EA4469DDD4E7",
"versionEndIncluding": "3.1.2",
"versionStartIncluding": "3.1"
},
{
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD78C0F7-A817-473C-88B3-E7BC1A640AB5",
"versionEndIncluding": "3.0.6",
"versionStartIncluding": "3.0"
}
],
"operator": "OR"
}
]
}
]