CVE-2023-0083

EUVD-2023-12184
The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, 

OpenHarmony-v3.0.7 and prior versions

has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash.
Type Confusion
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
OpenHarmonyCNA
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
openatomopenharmony
3.0 ≤
𝑥
≤ 3.0.7
openatomopenharmony
3.1 ≤
𝑥
≤ 3.1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md