Back

CVE-2024-38382

Sept. 2, 2024, 5:15 a.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

OpenHarmony

  • 4.0.0
  • prior versions

Source

scy@openharmony.io

Tags

CWE-125
scy@openharmony.io
2024-09-02
CVE-2024-38382

CVE-2024-38382 details

Published : Sept. 2, 2024, 5:15 a.m.
Last Modified : Sept. 2, 2024, 5:15 a.m.

Description

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

CVSS Score

1 2 3 4 5.5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-125 Out-of-bounds Read The product reads data past the end, or before the beginning, of the intended buffer.

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

5.5

Exploitability Score

1.8

Impact Score

3.6

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

URL Source
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md scy@openharmony.io
This website uses the NVD API, but is not approved or certified by it.