Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-12082

Summary
Assigner-OpenHarmony
Assigner Org ID-0cf5dd6e-1214-4398-a481-30441e48fafd
Published At-03 Dec, 2024 | 12:15
Updated At-03 Dec, 2024 | 14:24
Rejected At-
Credits

Ability Runtime has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:OpenHarmony
Assigner Org ID:0cf5dd6e-1214-4398-a481-30441e48fafd
Published At:03 Dec, 2024 | 12:15
Updated At:03 Dec, 2024 | 14:24
Rejected At:
▼CVE Numbering Authority (CNA)
Ability Runtime has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Affected Products
Vendor
OpenHarmony (OpenAtom Foundation)OpenHarmony
Product
OpenHarmony
Default Status
unaffected
Versions
Affected
  • From v4.0.0 through 4.0.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125 Out-of-bounds Read
CWECWE-922CWE-922 Insecure Storage of Sensitive Information
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds Read
Type: CWE
CWE ID: CWE-922
Description: CWE-922 Insecure Storage of Sensitive Information
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-12.md
N/A
Hyperlink: https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-12.md
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:scy@openharmony.io
Published At:03 Dec, 2024 | 13:15
Updated At:11 Dec, 2024 | 17:12

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
OpenAtom Foundation
openatom
>>openharmony>>Versions up to 4.0(inclusive)
cpe:2.3:o:openatom:openharmony:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primaryscy@openharmony.io
CWE-922Primaryscy@openharmony.io
CWE ID: CWE-125
Type: Primary
Source: scy@openharmony.io
CWE ID: CWE-922
Type: Primary
Source: scy@openharmony.io
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-12.mdscy@openharmony.io
Vendor Advisory
Hyperlink: https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-12.md
Source: scy@openharmony.io
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

427Records found
CVE-2024-21826
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.27%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 06:19
Updated-16 Dec, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Huks has an insecure storage of sensitive information vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-43756
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-2.9||LOW
EPSS-0.03% / 7.35%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 06:18
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dsoftbus has an out-of-bounds read vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-21098
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.07%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos-A has an insecure storage of sensitive information vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read bypass permission check.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2025-20042
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.07%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos-A has an out of bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-45070
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.72%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 07:56
Updated-07 Jan, 2025 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an out-of-bounds read vulnerability

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-25176
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-2.9||LOW
EPSS-0.10% / 28.29%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 06:18
Updated-16 Dec, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pasteboard has an out-of-bounds read vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-49118
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-2.9||LOW
EPSS-0.03% / 7.35%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 06:18
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dsoftbus has an out-of-bounds read vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-9978
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.45%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 12:15
Updated-11 Dec, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an out-of-bounds read vulnerability

in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-39806
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.25%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 03:03
Updated-16 Oct, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an out-of-bounds Read vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-38382
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.05%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:24
Updated-04 Sep, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ability Runtime has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-39612
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.05%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:25
Updated-04 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Background Task Manager has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-21816
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-4||MEDIUM
EPSS-0.05% / 13.99%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 06:19
Updated-16 Dec, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Background task manager has an improper preservation of permissions vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2023-46705
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 10.82%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 11:46
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkruntime has a type confusion vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-46100
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 7.99%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 11:46
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cert manager has a use of uninitialized resource vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2025-27563
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 2.28%
||
7 Day CHG~0.00%
Published-08 Jun, 2025 | 11:47
Updated-09 Jun, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
security_access_token has an improper preservation of permissions vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2025-27247
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.56%
||
7 Day CHG~0.00%
Published-08 Jun, 2025 | 11:47
Updated-09 Jun, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pasteboard has an improper preservation of permissions vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2025-26691
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.56%
||
7 Day CHG~0.00%
Published-08 Jun, 2025 | 11:47
Updated-09 Jun, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
telephony_call_manager has an improper preservation of permissions vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2025-26693
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 2.28%
||
7 Day CHG~0.00%
Published-08 Jun, 2025 | 11:47
Updated-09 Jun, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
security_access_token has an improper preservation of permissions vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2025-24493
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.73%
||
7 Day CHG~0.00%
Published-08 Jun, 2025 | 11:46
Updated-09 Jun, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
kernel_liteos_a has a race condition vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-43449
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 5.46%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 19:15
Updated-02 May, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary file read via download_server.

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2022-38064
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.96%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:39
Updated-16 Sep, 2024 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
windowmanager in window subsystem has a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information.

OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-287
Improper Authentication
CVE-2023-42774
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 4.78%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 11:46
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos-A has a incorrect default permissions vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-28951
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.38%
||
7 Day CHG+0.03%
Published-02 Apr, 2024 | 06:23
Updated-24 Jan, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler runtime has a use after free vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-416
Use After Free
CVE-2022-45118
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 15.21%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 00:00
Updated-03 Aug, 2024 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Telephony in communication subsystem sends public events with personal data, but the permission is not set.

OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-23808
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-5.2||MEDIUM
EPSS-0.07% / 21.22%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 06:26
Updated-02 Jan, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler ets frontend has an out-of-bounds read vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-33643
Matching Score-6
Assigner-openEuler
ShareView Details
Matching Score-6
Assigner-openEuler
CVSS Score-9.1||CRITICAL
EPSS-0.18% / 39.41%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 00:00
Updated-02 Apr, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

Action-Not Available
Vendor-feepn/aOpenAtom FoundationFedora ProjectHuawei Technologies Co., Ltd.
Product-openeulerfedoralibtarlibtar
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-33644
Matching Score-6
Assigner-openEuler
ShareView Details
Matching Score-6
Assigner-openEuler
CVSS Score-8.1||HIGH
EPSS-0.18% / 39.41%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 00:00
Updated-02 Apr, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.

Action-Not Available
Vendor-feepn/aOpenAtom FoundationFedora ProjectHuawei Technologies Co., Ltd.
Product-openeulerfedoralibtarlibtar
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-27534
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 5.13%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 02:35
Updated-07 Apr, 2025 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-23235
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.27%
||
7 Day CHG~0.00%
Published-08 Jun, 2025 | 11:46
Updated-09 Jun, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has an out-of-bounds write vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-23418
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-11 Mar, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-22841
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-22847
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-22452
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 5.13%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 02:35
Updated-07 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-22443
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-22842
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 5.13%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 02:35
Updated-07 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-21089
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20021
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20102
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 5.13%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 02:35
Updated-07 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-41686
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 10.76%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 14:40
Updated-14 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bound memory read and write in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The proc ...

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-47402
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 7.19%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 08:01
Updated-06 Nov, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an Out-of-bounds Read vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-49602
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-2.9||LOW
EPSS-0.07% / 21.83%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 06:19
Updated-16 Dec, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkui has a type confusion vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-36243
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-8.2||HIGH
EPSS-1.45% / 79.98%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 08:13
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-39775
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.37%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:25
Updated-04 Sep, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Net Manager has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-21309
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.92%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libcore, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21080
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.92%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-245916076

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-9410
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.99%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 21:04
Updated-22 Nov, 2024 | 22:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In analyzeAxes of FontUtils.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-9408
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.05%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 23:34
Updated-19 Dec, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In m3326_gps_write and m3326_gps_read of gps.s, there is a possible Out Of Bounds Read due to a missing bounds check. This could lead to a local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21200
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 4.99%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-04 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In on_remove_iso_data_path of btm_iso_impl.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236688764

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-9407
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 6.72%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 23:33
Updated-19 Dec, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information Disclosure of kernel data.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21368
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.50%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:59
Updated-06 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Audio, there is a possible out of bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 8
  • 9
  • Next
Details not found