CVE-2023-24465 - Vulnerability Details - OpenCVE

Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions

has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause the current application to crash.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00025.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Openatom	Openharmony

Configuration 1 [-]

OR	cpe:2.3:o:openatom:openharmony:::::lts:::*
	cpe:2.3:o:openatom:openharmony:::::-:::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-28483	Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause the current application to crash.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-03.md

History

Tue, 04 Mar 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 09 Sep 2024 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Openatom Openatom openharmony
CPEs	cpe:2.3:a:openharmony:openharmony:::::-:::* cpe:2.3:a:openharmony:openharmony:::::lts:::*	cpe:2.3:o:openatom:openharmony:::::-:::* cpe:2.3:o:openatom:openharmony:::::lts:::*
Vendors & Products	Openharmony Openharmony openharmony	Openatom Openatom openharmony

MITRE

Status: PUBLISHED

Assigner: OpenHarmony

Published: 2023-03-10T10:45:12.940Z

Updated: 2025-03-04T21:17:09.449Z

Reserved: 2023-03-07T03:52:10.691Z

Link: CVE-2023-24465

Vulnrichment

Updated: 2024-08-02T10:56:04.224Z

NVD

Status : Modified

Published: 2023-03-10T11:15:12.300

Modified: 2024-11-21T07:47:54.987

Link: CVE-2023-24465

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-24465", "assignerOrgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "state": "PUBLISHED", "assignerShortName": "OpenHarmony", "dateReserved": "2023-03-07T03:52:10.691Z", "datePublished": "2023-03-10T10:45:12.940Z", "dateUpdated": "2025-03-04T21:17:09.449Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenHarmony", "vendor": "OpenHarmony", "versions": [{"lessThanOrEqual": "3.1.4", "status": "affected", "version": "3.1", "versionType": "custom"}, {"lessThanOrEqual": "3.0.7", "status": "affected", "version": "3.0", "versionType": "custom"}]}], "datePublic": "2023-03-11T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions\n\n<span style=\"background-color: rgb(255, 255, 255);\">has a null pointer reference vulnerability</span><span style=\"background-color: rgb(255, 255, 255);\"> </span>which local attackers can exploit this vulnerability to cause the current application to crash.<br>"}], "value": "Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions\n\nhas a null pointer reference vulnerability\u00a0which local attackers can exploit this vulnerability to cause the current application to crash.\n"}], "impacts": [{"capecId": "CAPEC-6", "descriptions": [{"lang": "en", "value": "CAPEC-6 Argument Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "shortName": "OpenHarmony", "dateUpdated": "2023-03-10T10:45:12.940Z"}, "references": [{"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-03.md"}], "source": {"discovery": "UNKNOWN"}, "title": "Communication Wi-Fi \u00a0subsystem has a null pointer reference vulnerability when receving external data.", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:56:04.224Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-03.md", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-04T21:17:00.437543Z", "id": "CVE-2023-24465", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T21:17:09.449Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-03.md", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:56:04.224Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-24465", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-04T21:17:00.437543Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T21:17:04.515Z"}}], "cna": {"title": "Communication Wi-Fi \u00a0subsystem has a null pointer reference vulnerability when receving external data.", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-6", "descriptions": [{"lang": "en", "value": "CAPEC-6 Argument Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenHarmony", "product": "OpenHarmony", "versions": [{"status": "affected", "version": "3.1", "versionType": "custom", "lessThanOrEqual": "3.1.4"}, {"status": "affected", "version": "3.0", "versionType": "custom", "lessThanOrEqual": "3.0.7"}], "defaultStatus": "unaffected"}], "datePublic": "2023-03-11T00:00:00.000Z", "references": [{"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-03.md"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions\n\nhas a null pointer reference vulnerability\u00a0which local attackers can exploit this vulnerability to cause the current application to crash.\n", "supportingMedia": [{"type": "text/html", "value": "Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions\n\n<span style=\"background-color: rgb(255, 255, 255);\">has a null pointer reference vulnerability</span><span style=\"background-color: rgb(255, 255, 255);\"> </span>which local attackers can exploit this vulnerability to cause the current application to crash.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "shortName": "OpenHarmony", "dateUpdated": "2023-03-10T10:45:12.940Z"}}}, "cveMetadata": {"cveId": "CVE-2023-24465", "state": "PUBLISHED", "dateUpdated": "2025-03-04T21:17:09.449Z", "dateReserved": "2023-03-07T03:52:10.691Z", "assignerOrgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "datePublished": "2023-03-10T10:45:12.940Z", "assignerShortName": "OpenHarmony"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:*", "matchCriteriaId": "A6890018-CA05-41A8-B061-19B45BFD5281", "versionEndIncluding": "3.0.7", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*", "matchCriteriaId": "9346515D-01CC-45A7-8230-E40B8EA89ADF", "versionEndIncluding": "3.1.4", "versionStartIncluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions\n\nhas a null pointer reference vulnerability\u00a0which local attackers can exploit this vulnerability to cause the current application to crash.\n"}], "id": "CVE-2023-24465", "lastModified": "2024-11-21T07:47:54.987", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "scy@openharmony.io", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-10T11:15:12.300", "references": [{"source": "scy@openharmony.io", "tags": ["Third Party Advisory"], "url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-03.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-03.md"}], "sourceIdentifier": "scy@openharmony.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "scy@openharmony.io", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}