Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-20011

Summary
Assigner-OpenHarmony
Assigner Org ID-0cf5dd6e-1214-4398-a481-30441e48fafd
Published At-04 Mar, 2025 | 03:44
Updated At-04 Mar, 2025 | 14:32
Rejected At-
Credits

Communication Dsoftbus has a memory leak vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:OpenHarmony
Assigner Org ID:0cf5dd6e-1214-4398-a481-30441e48fafd
Published At:04 Mar, 2025 | 03:44
Updated At:04 Mar, 2025 | 14:32
Rejected At:
▼CVE Numbering Authority (CNA)
Communication Dsoftbus has a memory leak vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.

Affected Products
Vendor
OpenHarmony (OpenAtom Foundation)OpenHarmony
Product
OpenHarmony
Default Status
unaffected
Versions
Affected
  • From v4.1.0 through v5.0.2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-401CWE-401 Missing Release of Memory after Effective Lifetime
Type: CWE
CWE ID: CWE-401
Description: CWE-401 Missing Release of Memory after Effective Lifetime
Metrics
VersionBase scoreBase severityVector
3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md
N/A
Hyperlink: https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:scy@openharmony.io
Published At:04 Mar, 2025 | 04:15
Updated At:04 Mar, 2025 | 04:15

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-401Primaryscy@openharmony.io
CWE ID: CWE-401
Type: Primary
Source: scy@openharmony.io
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.mdscy@openharmony.io
N/A
Hyperlink: https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md
Source: scy@openharmony.io
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

72Records found
CVE-2025-27562
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.01% / 1.77%
||
7 Day CHG~0.00%
Published-11 Aug, 2025 | 02:55
Updated-12 Aug, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
communication_dsoftbus has a missing release of memory vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2025-24925
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.01% / 1.77%
||
7 Day CHG~0.00%
Published-11 Aug, 2025 | 02:55
Updated-12 Aug, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
applications_settings has a missing release of memory vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2025-24844
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.01% / 1.77%
||
7 Day CHG~0.00%
Published-11 Aug, 2025 | 02:55
Updated-12 Aug, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
communication_dsoftbus has a missing release of memory vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2025-25057
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 5.13%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 02:35
Updated-07 Apr, 2025 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
third_party_NuttX has a memory leak vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2025-22886
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.27%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 09:03
Updated-09 May, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
distributeddatamgr_udmf has a memory leak vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-43696
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 7.77%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 03:03
Updated-16 Oct, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an Memory Leak vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS by memory leak.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-28044
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 7.75%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:24
Updated-04 Sep, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos-A has an integer overflow vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-21834
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.08% / 24.13%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 06:22
Updated-02 Jan, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkui has a type confusion vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-22180
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.07% / 23.04%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 06:22
Updated-27 Jan, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Camera has a use after free vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-416
Use After Free
CVE-2023-49142
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-4||MEDIUM
EPSS-0.06% / 16.91%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 07:24
Updated-17 Jun, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
multimedia audio has a UAF vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)OpenAtom Foundation
Product-openharmonyOpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2025-27242
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 6.44%
||
7 Day CHG~0.00%
Published-08 Jun, 2025 | 11:47
Updated-09 Jun, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ssecurity_component_manager has an improper input vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CVE-2025-27536
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.01% / 1.77%
||
7 Day CHG~0.00%
Published-11 Aug, 2025 | 02:55
Updated-12 Aug, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has a type confusion vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-27534
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 5.13%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 02:35
Updated-07 Apr, 2025 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-27248
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.27%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 09:03
Updated-09 May, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ai_neural_network_runtime has a NULL pointer dereference vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-27241
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.27%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 09:03
Updated-09 May, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
multimedia_av_codec has a NULL pointer dereference vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-26690
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.01% / 1.77%
||
7 Day CHG~0.00%
Published-11 Aug, 2025 | 02:55
Updated-12 Aug, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
communication dsoftbus has a NULL pointer vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-25218
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.27%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:50
Updated-09 May, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
third_party_mksh has a NULL pointer dereference vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-25217
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.27%
||
7 Day CHG~0.00%
Published-08 Jun, 2025 | 11:46
Updated-09 Jun, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkui_ace_enginehas a NULL pointer dereference vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-25212
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 4.02%
||
7 Day CHG~0.00%
Published-11 Aug, 2025 | 02:55
Updated-12 Aug, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pasteboard has an improper input vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CVE-2025-24304
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 5.13%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 02:35
Updated-07 Apr, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has an out-of-bounds write vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds write.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25052
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.27%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 09:03
Updated-09 May, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has a buffer overflow vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through buffer overflow.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-23234
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-11 Mar, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has a buffer overflow vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-23235
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.27%
||
7 Day CHG~0.00%
Published-08 Jun, 2025 | 11:46
Updated-09 Jun, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has an out-of-bounds write vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-23418
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-11 Mar, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-22897
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-11 Mar, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has a buffer overflow vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-22841
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-22847
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-22452
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 5.13%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 02:35
Updated-07 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-22443
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-22842
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 5.13%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 02:35
Updated-07 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-22837
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has a NULL pointer dereference vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-21089
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-21082
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.27%
||
7 Day CHG~0.00%
Published-08 Jun, 2025 | 11:46
Updated-09 Jun, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkui_ace_engine has a type confusion vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-21097
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has a NULL pointer dereference vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-20063
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.27%
||
7 Day CHG~0.00%
Published-08 Jun, 2025 | 11:46
Updated-09 Jun, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkui_ace_engine has a type confusion vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-20021
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20102
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 5.13%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 02:35
Updated-07 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-41802
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-4||MEDIUM
EPSS-0.08% / 24.09%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 00:00
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres.

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47402
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 7.19%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 08:01
Updated-06 Nov, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an Out-of-bounds Read vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-45382
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 7.77%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 03:03
Updated-16 Oct, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an Out-of-bounds Write vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-31078
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.08% / 24.13%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 06:27
Updated-02 Jan, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bluetooth Service has a use after free vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-22177
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.06% / 19.86%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 06:22
Updated-02 Jan, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Audio has an improper preservation of permissions vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get permission.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2024-43697
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 7.77%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 03:03
Updated-16 Oct, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an Improper Input Validation vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through improper input.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CVE-2024-3757
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.08% / 24.13%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 06:27
Updated-02 Jan, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler runtime has an integer overflow vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-36278
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.05% / 13.66%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 08:13
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has a type confusion vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-29086
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.09% / 27.14%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 06:23
Updated-02 Jan, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler runtime has a stack overflow svulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack overflow.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-31071
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.05% / 15.91%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 08:13
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has a type confusion vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-8225
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 2.46%
||
7 Day CHG~0.00%
Published-27 Jul, 2025 | 08:02
Updated-01 Aug, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GNU Binutils DWARF Section dwarf.c process_debug_info memory leak

A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-GNU
Product-binutilsBinutils
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2025-9165
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.01% / 1.77%
||
7 Day CHG~0.00%
Published-19 Aug, 2025 | 20:02
Updated-26 Aug, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LibTIFF tiffcmp tiffcmp.c InitCCITTFax3 memory leak

A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ed141286a37f6e5ddafb5069347ff5d587e7a4e0. It is best practice to apply a patch to resolve this issue.

Action-Not Available
Vendor-n/a
Product-LibTIFF
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2025-7068
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 6.47%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 20:32
Updated-09 Jul, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HDF5 H5FL.c H5FL__malloc memory leak

A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-n/aThe HDF Group
Product-hdf5HDF5
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-404
Improper Resource Shutdown or Release
  • Previous
  • 1
  • 2
  • Next
Details not found