CVE-2022-36423 - OpenCVE

OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Openharmony	Openharmony

Configuration 1 [-]

OR	cpe:2.3:a:openharmony:openharmony:::::long_term_support:::*
	cpe:2.3:a:openharmony:openharmony:::::long_term_support:::*
	cpe:2.3:a:openharmony:openharmony:::::-:::*

References

Link	Resource
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-09.md	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: OpenHarmony

Published: 2022-09-06T00:00:00

Updated: 2022-09-09T14:39:56

Reserved: 2022-09-04T00:00:00

Link: CVE-2022-36423

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-09T15:15:10.757

Modified: 2022-10-28T17:33:02.357

Link: CVE-2022-36423

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "OpenHarmony", "vendor": "OpenHarmony", "versions": [{"lessThanOrEqual": "3.1.2", "status": "affected", "version": "OpenHarmony-v3.1.x-Release", "versionType": "custom"}, {"lessThanOrEqual": "3.0.5", "status": "affected", "version": "OpenHarmony-v3.0.x-LTS", "versionType": "custom"}, {"lessThanOrEqual": "1.1.5", "status": "affected", "version": "OpenHarmony-v1.1.x-LTS", "versionType": "custom"}]}], "datePublic": "2022-09-06T00:00:00", "descriptions": [{"lang": "en", "value": "OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-16", "description": "CWE-16 Configuration", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-09T14:39:56", "orgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "shortName": "OpenHarmony"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-09.md"}], "source": {"discovery": "UNKNOWN"}, "title": "Incorrect configuration of the cJSON library lead a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices.", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "scy@openharmony.io", "DATE_PUBLIC": "2022-09-06T07:44:00.000Z", "ID": "CVE-2022-36423", "STATE": "PUBLIC", "TITLE": "Incorrect configuration of the cJSON library lead a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices."}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OpenHarmony", "version": {"version_data": [{"version_affected": "<=", "version_name": "OpenHarmony-v3.1.x-Release", "version_value": "3.1.2"}, {"version_affected": "<=", "version_name": "OpenHarmony-v3.0.x-LTS", "version_value": "3.0.5"}, {"version_affected": "<=", "version_name": "OpenHarmony-v1.1.x-LTS", "version_value": "1.1.5"}]}}]}, "vendor_name": "OpenHarmony"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-16 Configuration"}]}]}, "references": {"reference_data": [{"name": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-09.md", "refsource": "MISC", "url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-09.md"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "assignerShortName": "OpenHarmony", "cveId": "CVE-2022-36423", "datePublished": "2022-09-06T00:00:00", "dateReserved": "2022-09-04T00:00:00", "dateUpdated": "2022-09-09T14:39:56", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:long_term_support:*:*:*", "matchCriteriaId": "8C039CB8-843F-4608-9D51-0723001EFAFB", "versionEndIncluding": "1.1.5", "versionStartIncluding": "1.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:long_term_support:*:*:*", "matchCriteriaId": "3375114F-F7BC-4D54-8906-461891AF90FD", "versionEndIncluding": "3.0.5", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*", "matchCriteriaId": "F512E9AE-7313-43F9-ACB9-493AE257C79E", "versionEndIncluding": "3.1.2", "versionStartIncluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices."}, {"lang": "es", "value": "OpenHarmony versiones v3.1.2 y anteriores, presentan una configuraci\u00f3n incorrecta de la biblioteca cJSON, que conlleva a una vulnerabilidad de desbordamiento de pila durante el an\u00e1lisis recursivo. Los atacantes de la LAN pueden conllevar a un ataque DoS a todos los dispositivos de la red"}], "id": "CVE-2022-36423", "lastModified": "2022-10-28T17:33:02.357", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "scy@openharmony.io", "type": "Secondary"}]}, "published": "2022-09-09T15:15:10.757", "references": [{"source": "scy@openharmony.io", "tags": ["Third Party Advisory"], "url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-09.md"}], "sourceIdentifier": "scy@openharmony.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-16"}], "source": "scy@openharmony.io", "type": "Secondary"}]}