提交 e111db55 编写于 作者: L louis.liuxu

update fix links of OpenHarmony-SA-2022-0601 and OpenHarmony-SA-2022-0703

Signed-off-by: Nlouis.liuxu <louis.liuxu@huawei.com>
上级 51a938b8
## Security Vulnerabilities in June 2022 ## Security Vulnerabilities in June 2022
_published June 6,2022_<br/> _published June 6,2022_<br/>
_updated July 15,2022_ _updated August 19,2022_
| Vulnerability ID | related Vulnerability | Vulnerability Descripton | Vulnerability Impact | affected versions | affected projects| fix link | reference | | Vulnerability ID | related Vulnerability | Vulnerability Descripton | Vulnerability Impact | affected versions | affected projects| fix link | reference |
| -------- |-------- | -------- | -------- | ----------- | ----------- | -------- | ------- | | -------- |-------- | -------- | -------- | ----------- | ----------- | -------- | ------- |
|OpenHarmony-SA-2022-0601 | NA | The notification subsystem in OpenHarmony has an authentication bypass vulnerability when deserialize an object.| Local attackers can bypass authenication and crash the server process. |OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS<br/>OpenHarmony-v3.1-Release|notification_common_event_service| [3.0.x](https://gitee.com/openharmony/notification_common_event_service/pulls/269)<br/>[3.1.x](https://gitee.com/openharmony/notification_common_event_service/pulls/288) |Reported by OpenHarmony Team| |OpenHarmony-SA-2022-0601 | NA | The notification subsystem in OpenHarmony has an authentication bypass vulnerability when deserialize an object.| Local attackers can bypass authenication and crash the server process. |OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS<br/>OpenHarmony-v3.1-Release|notification_common_event_service| [3.0.x](https://gitee.com/openharmony/notification_common_event_service/pulls/402)<br/>[3.1.x](https://gitee.com/openharmony/notification_common_event_service/pulls/288) |Reported by OpenHarmony Team|
|OpenHarmony-SA-2022-0602 | NA | The notification subsystem in OpenHarmony has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and get system control. |OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS|notification_common_event_service| [3.0.x](https://gitee.com/openharmony/notification_common_event_service/pulls/245) |Reported by OpenHarmony Team| |OpenHarmony-SA-2022-0602 | NA | The notification subsystem in OpenHarmony has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and get system control. |OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS|notification_common_event_service| [3.0.x](https://gitee.com/openharmony/notification_common_event_service/pulls/245) |Reported by OpenHarmony Team|
|OpenHarmony-SA-2022-0603 | NA | The updateservice in OpenHarmony has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and get system control. |OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS|update_updateservice| [3.0.x](https://gitee.com/openharmony/update_updateservice/pulls/115) |Reported by OpenHarmony Team| |OpenHarmony-SA-2022-0603 | NA | The updateservice in OpenHarmony has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and get system control. |OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS|update_updateservice| [3.0.x](https://gitee.com/openharmony/update_updateservice/pulls/115) |Reported by OpenHarmony Team|
|OpenHarmony-SA-2022-0604 | NA | The multimedia subsystem in OpenHarmony has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and get system control. |OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS|multimedia_media_standard| [3.0.x](https://gitee.com/openharmony/multimedia_media_standard/pulls/567) |Reported by OpenHarmony Team| |OpenHarmony-SA-2022-0604 | NA | The multimedia subsystem in OpenHarmony has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and get system control. |OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS|multimedia_media_standard| [3.0.x](https://gitee.com/openharmony/multimedia_media_standard/pulls/567) |Reported by OpenHarmony Team|
......
## Security Vulnerabilities in July 2022 ## Security Vulnerabilities in July 2022
_published July 5,2022_ _published July 5,2022_
_updated August 19,2022_
| Vulnerability ID | related Vulnerability | Vulnerability Descripton | Vulnerability Impact | affected versions | affected projects| fix link | reference | | Vulnerability ID | related Vulnerability | Vulnerability Descripton | Vulnerability Impact | affected versions | affected projects| fix link | reference |
| -------- |-------- | -------- | -------- | ----------- | ----------- | -------- | ------- | | -------- |-------- | -------- | -------- | ----------- | ----------- | -------- | ------- |
|OpenHarmony-SA-2022-0701 | NA | The bluetooth in communication subsystem has a DoS vulnerability. | Local attackers can trigger a large loop and crash the process. |OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS|communication_bluetooth| [3.0.x](https://gitee.com/openharmony/communication_bluetooth/pulls/179) |Reported by OpenHarmony Team| |OpenHarmony-SA-2022-0701 | NA | The bluetooth in communication subsystem has a DoS vulnerability. | Local attackers can trigger a large loop and crash the process. |OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS|communication_bluetooth| [3.0.x](https://gitee.com/openharmony/communication_bluetooth/pulls/179) |Reported by OpenHarmony Team|
|OpenHarmony-SA-2022-0702 | NA | The updater in update subsystem has a null pointer reference vulnerability. | Local attackers can input a nullptr and crash the process. |OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS|update_updater| [3.0.x](https://gitee.com/openharmony/update_updater/pulls/101) |Reported by OpenHarmony Team| |OpenHarmony-SA-2022-0702 | NA | The updater in update subsystem has a null pointer reference vulnerability. | Local attackers can input a nullptr and crash the process. |OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS|update_updater| [3.0.x](https://gitee.com/openharmony/update_updater/pulls/101) |Reported by OpenHarmony Team|
|OpenHarmony-SA-2022-0703 | NA | The dsoftbus in communication subsystem has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and get system control. |OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS|communication_dsoftbus| [3.0.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/142) |Reported by OpenHarmony Team| |OpenHarmony-SA-2022-0703 | NA | The dsoftbus in communication subsystem has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and get system control. |OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS|communication_dsoftbus| [3.0.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/2140) |Reported by OpenHarmony Team|
### The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties. ### The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties.
......
## Security Vulnerabilities in August 2022 ## Security Vulnerabilities in August 2022
_published August 2,2022_ _published August 2,2022_
_updated August 19,2022_
| Vulnerability ID | related Vulnerability | Vulnerability Descripton | Vulnerability Impact | affected versions | affected projects| fix link | reference | | Vulnerability ID | related Vulnerability | Vulnerability Description | Vulnerability Impact | affected versions | affected projects| fix link | reference |
| -------- |-------- | -------- | -------- | ----------- | ----------- | -------- | ------- | | -------- |-------- | -------- | -------- | ----------- | ----------- | -------- | ------- |
|OpenHarmony-SA-2022-0801 | NA | DecodeUCS2Data in telephony_sms_mms component of telephony subsystem, has a DoS vulnerability. | Network attackers can access illegal memory and crash the process.|OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS<br/>OpenHarmony-v3.1-Release|telephony_sms_mms| [3.0.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/404)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/355) |Reported by OpenHarmony Team| |OpenHarmony-SA-2022-0801 | NA | DecodeUCS2Data in telephony_sms_mms component of telephony subsystem, has a DoS vulnerability. | Network attackers can access illegal memory and crash the process.|OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS<br/>OpenHarmony-v3.1-Release|telephony_sms_mms| [3.0.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/404)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/355) |Reported by OpenHarmony Team|
|OpenHarmony-SA-2022-0802 | NA | DecodeGSMData in telephony_sms_mms component of telephony subsystem, has a DoS vulnerability. | Network attackers can access illegal memory and crash the process.|OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS<br/>OpenHarmony-v3.1-Release|telephony_sms_mms| [3.0.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/404)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/355) |Reported by OpenHarmony Team| |OpenHarmony-SA-2022-0802 | NA | DecodeGSMData in telephony_sms_mms component of telephony subsystem, has a DoS vulnerability. | Network attackers can access illegal memory and crash the process.|OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS<br/>OpenHarmony-v3.1-Release|telephony_sms_mms| [3.0.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/404)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/355) |Reported by OpenHarmony Team|
|OpenHarmony-SA-2022-0803 | NA | DecodeAddress in telephony_sms_mms component of telephony subsystem, has a DoS vulnerability. | Network attackers can access illegal memory and crash the process.|OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS<br/>OpenHarmony-v3.1-Release|telephony_sms_mms| [3.0.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/404)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/355) |Reported by OpenHarmony Team| |OpenHarmony-SA-2022-0803 | NA | DecodeAddress in telephony_sms_mms component of telephony subsystem, has a DoS vulnerability. | Network attackers can access illegal memory and crash the process.|OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS<br/>OpenHarmony-v3.1-Release|telephony_sms_mms| [3.0.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/404)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/355) |Reported by OpenHarmony Team|
|OpenHarmony-SA-2022-0804 | NA | Decode8bitData in telephony_sms_mms component of telephony subsystem, has a DoS vulnerability. | Network attackers can access illegal memory and crash the process.|OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS<br/>OpenHarmony-v3.1-Release|telephony_sms_mms| [3.0.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/404)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/355) |Reported by OpenHarmony Team| |OpenHarmony-SA-2022-0804 | NA | Decode8bitData in telephony_sms_mms component of telephony subsystem, has a DoS vulnerability. | Network attackers can access illegal memory and crash the process.|OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS<br/>OpenHarmony-v3.1-Release|telephony_sms_mms| [3.0.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/404)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/355) |Reported by OpenHarmony Team|
|OpenHarmony-SA-2022-0806 | NA | SendMessage in dsoftbus in communication subsystem has a permission bypass vulnerability. | Local attackers can bypass the permission check, and write any data into network devices. |OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS<br/>OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release|communication_dsoftbus| [3.0.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/1668) |Reported by OpenHarmony Team| |OpenHarmony-SA-2022-0806 | NA | SendMessage in dsoftbus in communication subsystem has a permission bypass vulnerability. | Local attackers can bypass the permission check, and write any data into network devices. |OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS<br/>OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release|communication_dsoftbus| [3.0.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/1668) |Reported by OpenHarmony Team|
### The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties. ### The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties.
......
## 2022年6月安全漏洞 ## 2022年6月安全漏洞
_发布于2022.6.6_<br/> _发布于2022.6.6_<br/>
_最后更新于2022.7.15_ _最后更新于2022.8.19_
| 漏洞编号 | 相关漏洞 | 漏洞描述 | 漏洞影响 | 受影响的版本 | 受影响的仓库 | 修复链接 | 参考链接 | | 漏洞编号 | 相关漏洞 | 漏洞描述 | 漏洞影响 | 受影响的版本 | 受影响的仓库 | 修复链接 | 参考链接 |
| -------- |-------- | -------- | -------- | ----------- | ----------- | -------- | ------- | | -------- |-------- | -------- | -------- | ----------- | ----------- | -------- | ------- |
|OpenHarmony-SA-2022-0601 | NA | 事件通知子系统反序列化对象时会绕过认证机制。 | 攻击者可在本地发起攻击,造成权限绕过,导致服务端进程崩溃。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS<br/>OpenHarmony-v3.1-Release|notification_common_event_service| [3.0.x](https://gitee.com/openharmony/notification_common_event_service/pulls/269)<br/>[3.1.x](https://gitee.com/openharmony/notification_common_event_service/pulls/288) |本项目组上报| |OpenHarmony-SA-2022-0601 | NA | 事件通知子系统反序列化对象时会绕过认证机制。 | 攻击者可在本地发起攻击,造成权限绕过,导致服务端进程崩溃。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS<br/>OpenHarmony-v3.1-Release|notification_common_event_service| [3.0.x](https://gitee.com/openharmony/notification_common_event_service/pulls/402)<br/>[3.1.x](https://gitee.com/openharmony/notification_common_event_service/pulls/288) |本项目组上报|
|OpenHarmony-SA-2022-0602 | NA | 事件通知子系统存在校验绕过漏洞,可发起SA中继攻击。 | 攻击者可在本地发起攻击,造成校验绕过,获得系统控制权。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS|notification_common_event_service| [3.0.x](https://gitee.com/openharmony/notification_common_event_service/pulls/245) |本项目组上报| |OpenHarmony-SA-2022-0602 | NA | 事件通知子系统存在校验绕过漏洞,可发起SA中继攻击。 | 攻击者可在本地发起攻击,造成校验绕过,获得系统控制权。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS|notification_common_event_service| [3.0.x](https://gitee.com/openharmony/notification_common_event_service/pulls/245) |本项目组上报|
|OpenHarmony-SA-2022-0603 | NA | 升级服务组件存在校验绕过漏洞,可发起SA中继攻击。 | 攻击者可在本地发起攻击,造成校验绕过,获得系统控制权。 |OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS|update_updateservice| [3.0.x](https://gitee.com/openharmony/update_updateservice/pulls/115) |本项目组上报| |OpenHarmony-SA-2022-0603 | NA | 升级服务组件存在校验绕过漏洞,可发起SA中继攻击。 | 攻击者可在本地发起攻击,造成校验绕过,获得系统控制权。 |OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS|update_updateservice| [3.0.x](https://gitee.com/openharmony/update_updateservice/pulls/115) |本项目组上报|
|OpenHarmony-SA-2022-0604 | NA | 多媒体子系统存在校验绕过漏洞,可发起SA中继攻击。 | 攻击者可在本地发起攻击,造成校验绕过,获取系统控制权。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS|multimedia_media_standard| [3.0.x](https://gitee.com/openharmony/multimedia_media_standard/pulls/567) |本项目组上报| |OpenHarmony-SA-2022-0604 | NA | 多媒体子系统存在校验绕过漏洞,可发起SA中继攻击。 | 攻击者可在本地发起攻击,造成校验绕过,获取系统控制权。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS|multimedia_media_standard| [3.0.x](https://gitee.com/openharmony/multimedia_media_standard/pulls/567) |本项目组上报|
......
## 2022年7月安全漏洞 ## 2022年7月安全漏洞
_发布于2022.7.5_ _发布于2022.7.5_
_最后更新于2022.8.19_
| 漏洞编号 | 相关漏洞 | 漏洞描述 | 漏洞影响 | 受影响的版本 | 受影响的仓库 | 修复链接 | 参考链接 | | 漏洞编号 | 相关漏洞 | 漏洞描述 | 漏洞影响 | 受影响的版本 | 受影响的仓库 | 修复链接 | 参考链接 |
| -------- |-------- | -------- | -------- | ----------- | ----------- | -------- | ------- | | -------- |-------- | -------- | -------- | ----------- | ----------- | -------- | ------- |
|OpenHarmony-SA-2022-0701 | NA | 通信子系统蓝牙组件存在DoS漏洞,造成进程崩溃。 | 攻击者可在本地发起攻击,进入超大循环,导致进程崩溃。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS|communication_bluetooth| [3.0.x](https://gitee.com/openharmony/communication_bluetooth/pulls/179) |本项目组上报| |OpenHarmony-SA-2022-0701 | NA | 通信子系统蓝牙组件存在DoS漏洞,造成进程崩溃。 | 攻击者可在本地发起攻击,进入超大循环,导致进程崩溃。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS|communication_bluetooth| [3.0.x](https://gitee.com/openharmony/communication_bluetooth/pulls/179) |本项目组上报|
|OpenHarmony-SA-2022-0702 | NA | 升级子系统升级包安装组件存在空指针引用,造成进程崩溃。| 攻击者可在本地发起攻击,传入空指针,导致进程崩溃。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS|update_updater| [3.0.x](https://gitee.com/openharmony/update_updater/pulls/101) |本项目组上报| |OpenHarmony-SA-2022-0702 | NA | 升级子系统升级包安装组件存在空指针引用,造成进程崩溃。| 攻击者可在本地发起攻击,传入空指针,导致进程崩溃。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS|update_updater| [3.0.x](https://gitee.com/openharmony/update_updater/pulls/101) |本项目组上报|
|OpenHarmony-SA-2022-0703 | NA | 通信子系统软总线存在校验绕过漏洞,可发起SA中继攻击。| 攻击者可在本地发起攻击,造成权限绕过,可获取系统控制权。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS|communication_dsoftbus| [3.0.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/142) |本项目组上报| |OpenHarmony-SA-2022-0703 | NA | 通信子系统软总线存在校验绕过漏洞,可发起SA中继攻击。| 攻击者可在本地发起攻击,造成权限绕过,可获取系统控制权。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS|communication_dsoftbus| [3.0.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/2140) |本项目组上报|
### 以下为三方库漏洞,只提供CVE、严重程度、受影响的OpenHarmony版本,详细信息请参考三方公告。 ### 以下为三方库漏洞,只提供CVE、严重程度、受影响的OpenHarmony版本,详细信息请参考三方公告。
......
## 2022年8月安全漏洞 ## 2022年8月安全漏洞
_发布于2022.8.2_ _发布于2022.8.2_
_最后更新于2022.8.19_
| 漏洞编号 | 相关漏洞 | 漏洞描述 | 漏洞影响 | 受影响的版本 | 受影响的仓库 | 修复链接 | 参考链接 | | 漏洞编号 | 相关漏洞 | 漏洞描述 | 漏洞影响 | 受影响的版本 | 受影响的仓库 | 修复链接 | 参考链接 |
| -------- |-------- | -------- | -------- | ----------- | ----------- | -------- | ------- | | -------- |-------- | -------- | -------- | ----------- | ----------- | -------- | ------- |
|OpenHarmony-SA-2022-0801 | NA | 电话服务子系统telephony_sms_mms组件DecodeUCS2Data存在DoS漏洞。 | 攻击者可在网络内发起攻击,访问非法内存,导致进程崩溃。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS<br/>OpenHarmony-v3.1-Release|telephony_sms_mms| [3.0.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/404)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/355) |本项目组上报| |OpenHarmony-SA-2022-0801 | NA | 电话服务子系统telephony_sms_mms组件DecodeUCS2Data存在DoS漏洞。 | 攻击者可在网络内发起攻击,访问非法内存,导致进程崩溃。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS<br/>OpenHarmony-v3.1-Release|telephony_sms_mms| [3.0.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/404)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/355) |本项目组上报|
|OpenHarmony-SA-2022-0802 | NA | 电话服务子系统telephony_sms_mms组件DecodeGSMData存在DoS漏洞。 | 攻击者可在网络内发起攻击,访问非法内存,导致进程崩溃。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS<br/>OpenHarmony-v3.1-Release|telephony_sms_mms| [3.0.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/404)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/355) |本项目组上报| |OpenHarmony-SA-2022-0802 | NA | 电话服务子系统telephony_sms_mms组件DecodeGSMData存在DoS漏洞。 | 攻击者可在网络内发起攻击,访问非法内存,导致进程崩溃。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS<br/>OpenHarmony-v3.1-Release|telephony_sms_mms| [3.0.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/404)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/355) |本项目组上报|
|OpenHarmony-SA-2022-0803 | NA | 电话服务子系统telephony_sms_mms组件DecodeAddress存在DoS漏洞。 | 攻击者可在网络内发起攻击,访问非法内存,导致进程崩溃。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS<br/>OpenHarmony-v3.1-Release|telephony_sms_mms| [3.0.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/404)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/355) |本项目组上报| |OpenHarmony-SA-2022-0803 | NA | 电话服务子系统telephony_sms_mms组件DecodeAddress存在DoS漏洞。 | 攻击者可在网络内发起攻击,访问非法内存,导致进程崩溃。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS<br/>OpenHarmony-v3.1-Release|telephony_sms_mms| [3.0.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/404)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/355) |本项目组上报|
|OpenHarmony-SA-2022-0804 | NA | 电话服务子系统telephony_sms_mms组件Decode8bitData存在DoS漏洞。 | 攻击者可在网络内发起攻击,访问非法内存,导致进程崩溃。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS<br/>OpenHarmony-v3.1-Release|telephony_sms_mms| [3.0.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/404)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/355) |本项目组上报| |OpenHarmony-SA-2022-0804 | NA | 电话服务子系统telephony_sms_mms组件Decode8bitData存在DoS漏洞。 | 攻击者可在网络内发起攻击,访问非法内存,导致进程崩溃。|OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS<br/>OpenHarmony-v3.1-Release|telephony_sms_mms| [3.0.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/404)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/355) |本项目组上报|
|OpenHarmony-SA-2022-0806 | NA | 通信子系统分布式软总线组件SendMessage接口存在漏洞,导致权限管控被绕过。 | 攻击者可在本地发起攻击,绕过权限管控机制,进一步向局域网内设备写入任意数据。 |OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS<br/>OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release|communication_dsoftbus| [3.0.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/1668) |本项目组上报| |OpenHarmony-SA-2022-0806 | NA | 通信子系统分布式软总线组件SendMessage接口存在漏洞,导致权限管控被绕过。 | 攻击者可在本地发起攻击,绕过权限管控机制,进一步向局域网内设备写入任意数据。 |OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS<br/>OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release|communication_dsoftbus| [3.0.x](https://gitee.com/openharmony/communication_dsoftbus/pulls/1668) |本项目组上报|
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册