CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-45126 – Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime.
https://notcve.org/view.php?id=CVE-2022-45126
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. El subsistema del kernel dentro de OpenHarmony-v3.1.4 y versiones anteriores en kernel_liteos_a tiene una vulnerabilidad de desbordamiento de la pila del kernel cuando se llama a SysClockGettime. Los datos de relleno de 4 bytes de la pila del kernel se copian incorrectamente en el espacio del usuario y se filtran. • https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41802 – Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres.
https://notcve.org/view.php?id=CVE-2022-41802
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. El subsistema del kernel dentro de OpenHarmony-v3.1.4 y versiones anteriores en kernel_liteos_a tiene una vulnerabilidad de desbordamiento de la pila del kernel cuando se llama a SysClockGetres. Los datos de relleno de 4 bytes de la pila del kernel se copian incorrectamente en el espacio del usuario y se filtran. • https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-36423 – Incorrect configuration of the cJSON library lead a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices.
https://notcve.org/view.php?id=CVE-2022-36423
OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices. OpenHarmony versiones v3.1.2 y anteriores, presentan una configuración incorrecta de la biblioteca cJSON, que conlleva a una vulnerabilidad de desbordamiento de pila durante el análisis recursivo. Los atacantes de la LAN pueden conllevar a un ataque DoS a todos los dispositivos de la red • https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-09.md • CWE-16: Configuration CWE-787: Out-of-bounds Write •