CVE-2022-44455

MEDIUM

Openharmony < 3.1.2 - Buffer Overflow

Title source: rule

Description

The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash.

References (1)

Core 1

Core References

Third Party Advisory

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md

Scores

CVSS v3 6.8

EPSS 0.0006

EPSS Percentile 19.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-120

Status published

Products (2)

openatom/openharmony 3.0 - 3.0.6

openharmony/openharmony 3.1 - 3.1.2

Published Dec 08, 2022

Tracked Since Feb 18, 2026