CVE-2023-0083

The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, 

OpenHarmony-v3.0.7 and prior versions

has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash.
Type Confusion
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
OpenHarmonyCNA
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
openatomopenharmony
3.0 ≤
𝑥
≤ 3.0.7
openatomopenharmony
3.1 ≤
𝑥
≤ 3.1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md