Sign-up

ID

VAR-202303-0798


CVE

CVE-2023-24465


TITLE

OpenHarmony  In  NULL  Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-004938

DESCRIPTION

Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause the current application to crash. OpenHarmony for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-24465 // JVNDB: JVNDB-2023-004938 // VULMON: CVE-2023-24465

IOT TAXONOMY

category:['other device']sub_category:IoT device with OpenHarmony

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:openatommodel:openharmonyscope:lteversion:3.1.4

Trust: 1.0

vendor:openatommodel:openharmonyscope:lteversion:3.0.7

Trust: 1.0

vendor:openatommodel:openharmonyscope:gteversion:3.0

Trust: 1.0

vendor:openatommodel:openharmonyscope:gteversion:3.1

Trust: 1.0

vendor:openharmonymodel:openharmonyscope:eqversion: -

Trust: 0.8

vendor:openharmonymodel:openharmonyscope: - version: -

Trust: 0.8

vendor:openharmonymodel:openharmonyscope:eqversion:3.1 to 3.1.4

Trust: 0.8

vendor:openharmonymodel:openharmonyscope:eqversion:3.0 to 3.0.7

Trust: 0.8

sources: JVNDB: JVNDB-2023-004938 // NVD: CVE-2023-24465

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-24465
value: MEDIUM

Trust: 1.0

scy@openharmony.io: CVE-2023-24465
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-24465
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202303-748
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2023-24465
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

scy@openharmony.io: CVE-2023-24465
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2023-24465
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004938 // CNNVD: CNNVD-202303-748 // NVD: CVE-2023-24465 // NVD: CVE-2023-24465

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

problemtype:NULL Pointer dereference (CWE-476) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-004938 // NVD: CVE-2023-24465

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202303-748

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202303-748

PATCH

title:OpenHarmony Fixes for code issue vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=229045

Trust: 0.6

sources: CNNVD: CNNVD-202303-748

EXTERNAL IDS

db:NVDid:CVE-2023-24465

Trust: 3.4

db:JVNDBid:JVNDB-2023-004938

Trust: 0.8

db:CNNVDid:CNNVD-202303-748

Trust: 0.6

db:OTHERid:NONE

Trust: 0.1

db:VULMONid:CVE-2023-24465

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2023-24465 // JVNDB: JVNDB-2023-004938 // CNNVD: CNNVD-202303-748 // NVD: CVE-2023-24465

REFERENCES

url:https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-03.md

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-24465

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-24465/

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2023-24465 // JVNDB: JVNDB-2023-004938 // CNNVD: CNNVD-202303-748 // NVD: CVE-2023-24465

SOURCES

db:OTHERid: -
db:VULMONid:CVE-2023-24465
db:JVNDBid:JVNDB-2023-004938
db:CNNVDid:CNNVD-202303-748
db:NVDid:CVE-2023-24465

LAST UPDATE DATE

2025-01-30T21:41:59.095000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-24465date:2023-03-10T00:00:00
db:JVNDBid:JVNDB-2023-004938date:2023-11-06T01:27:00
db:CNNVDid:CNNVD-202303-748date:2023-03-15T00:00:00
db:NVDid:CVE-2023-24465date:2024-09-09T12:21:53.383

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-24465date:2023-03-10T00:00:00
db:JVNDBid:JVNDB-2023-004938date:2023-11-06T00:00:00
db:CNNVDid:CNNVD-202303-748date:2023-03-10T00:00:00
db:NVDid:CVE-2023-24465date:2023-03-10T11:15:12.300