CVE-2024-0285 - OpenCVE

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Openharmony	Openharmony

Configuration 1 [-]

OR	cpe:2.3:a:openharmony:openharmony:::::-:::*
	cpe:2.3:a:openharmony:openharmony:4.0::::-:::

References

Link	Resource
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: OpenHarmony

Published: 2024-02-02T06:19:04.691Z

Updated: 2024-07-05T17:22:53.907Z

Reserved: 2024-01-06T11:03:57.060Z

Link: CVE-2024-0285

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-02-02T07:15:09.980

Modified: 2024-02-07T18:16:33.733

Link: CVE-2024-0285

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0285", "assignerOrgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "state": "PUBLISHED", "assignerShortName": "OpenHarmony", "dateReserved": "2024-01-06T11:03:57.060Z", "datePublished": "2024-02-02T06:19:04.691Z", "dateUpdated": "2024-07-05T17:22:53.907Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenHarmony", "vendor": "OpenHarmony", "versions": [{"lessThanOrEqual": "v3.2.4", "status": "affected", "version": "v3.2.0", "versionType": "custom"}, {"lessThan": "v4.0.1", "status": "affected", "version": "v4.0.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nin OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input."}], "value": "\nin OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "shortName": "OpenHarmony", "dateUpdated": "2024-02-02T06:19:04.691Z"}, "references": [{"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md"}], "source": {"discovery": "UNKNOWN"}, "title": "Dsoftbus has an improper input validation vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0285", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-05T17:44:15.598318Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:53.907Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*", "matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D", "versionEndIncluding": "3.2.4", "versionStartIncluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openharmony:openharmony:4.0:*:*:*:-:*:*:*", "matchCriteriaId": "2F954785-2115-4147-8BCA-B90BFDC3B943", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nin OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input."}, {"lang": "es", "value": "Las versiones de OpenHarmony v4.0.0 y versiones anteriores permiten que un atacante local cause DOS mediante una entrada incorrecta."}], "id": "CVE-2024-0285", "lastModified": "2024-02-07T18:16:33.733", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.7, "source": "scy@openharmony.io", "type": "Secondary"}]}, "published": "2024-02-02T07:15:09.980", "references": [{"source": "scy@openharmony.io", "tags": ["Third Party Advisory"], "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md"}], "sourceIdentifier": "scy@openharmony.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "scy@openharmony.io", "type": "Secondary"}]}