CVE-2024-23808

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference.
Configurations

Configuration 1 (hide)

cpe:2.3:o:openatom:openharmony:*:*:*:*:*:*:*:*

History

02 Jan 2025, 19:07

Type Values Removed Values Added
CPE cpe:2.3:o:openatom:openharmony:*:*:*:*:*:*:*:*
References () https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md - () https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md - Vendor Advisory
First Time Openatom
Openatom openharmony

21 Nov 2024, 08:58

Type Values Removed Values Added
Summary
  • (es) En OpenHarmony v4.0.0 y versiones anteriores permiten a un atacante local la ejecución de código arbitrario en aplicaciones preinstaladas mediante use after free o provocan DOS mediante la desreferencia del puntero NULL.
References () https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md - () https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md -

07 May 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-07 07:15

Updated : 2025-01-02 19:07


NVD link : CVE-2024-23808

Mitre link : CVE-2024-23808

CVE.ORG link : CVE-2024-23808


JSON object : View

Products Affected

openatom

  • openharmony
CWE
CWE-125

Out-of-bounds Read

CWE-476

NULL Pointer Dereference