CVE-2023-0083

The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, 

OpenHarmony-v3.0.7 and prior versions

has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash.
Type Confusion
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
OpenHarmonyCNA
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
openatomopenharmony
3.0 ≤
𝑥
≤ 3.0.7
openatomopenharmony
3.1 ≤
𝑥
≤ 3.1.5
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
openharmonyopenharmony
3.0 ≤
𝑥
≤ 3.0.7
CNA
openharmonyopenharmony
3.1 ≤
𝑥
≤ 3.1.5
CNA
Common Weakness Enumeration
References
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md