Vulnerabilities > CVE-2023-25947 - NULL Pointer Dereference vulnerability in Openatom Openharmony

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

openatom

CWE-476

NVD

Published: 2023-03-10

Updated: 2024-09-09

Summary

The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package.

Vulnerable Configurations

Part	Description	Count
OS	Openatom Openatom Openharmony 3.1 Openatom Openharmony 3.1.1 Openatom Openharmony 3.1.2 Openatom Openharmony 3.1.3 Openatom Openharmony 3.1.4	6

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-03.md