PT-2022-23361 · Cjson+1
Published: 2022-09-09 · Updated: 2024-09-09 · CVE-2022-36423
CVSS v3.1: 7.4 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
OpenHarmony versions prior to 3.1.2
Description
The issue is caused by an incorrect configuration of the cJSON library, leading to a stack overflow vulnerability during recursive parsing. This allows LAN attackers to launch a Denial of Service (DoS) attack against all network devices.
Recommendations
For OpenHarmony versions prior to 3.1.2, update to a version that correctly configures the cJSON library to prevent the stack overflow vulnerability.
As a temporary workaround, consider restricting access to the network to minimize the risk of exploitation by LAN attackers.
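A defensive pre-parse check for the recursive-parsing risk described above, as an added example that is not code from OpenHarmony or cJSON: it measures array/object nesting iteratively and rejects input deeper than a cap before a recursive parser runs. `MAX_JSON_DEPTH` and both function names are assumptions for illustration; cJSON's own compile-time cap is the `CJSON_NESTING_LIMIT` macro, and the advisory does not state which setting OpenHarmony changed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical cap for this example; size it for the smallest task stack. */
#define MAX_JSON_DEPTH 32

/* Returns the deepest array/object nesting found in buf[0..len), or -1 as soon
 * as nesting exceeds max_depth or the input ends inside a string.
 * Iterative on purpose: the check uses constant stack regardless of input. */
int json_nesting_depth(const char *buf, size_t len, int max_depth)
{
    int depth = 0, deepest = 0;
    int in_string = 0;

    for (size_t i = 0; i < len; i++) {
        char c = buf[i];
        if (in_string) {
            if (c == '\\') {
                i++;                /* skip the escaped character, e.g. \" */
            } else if (c == '"') {
                in_string = 0;
            }
            continue;               /* brackets inside strings do not nest */
        }
        switch (c) {
        case '"':
            in_string = 1;
            break;
        case '[':
        case '{':
            if (++depth > max_depth)
                return -1;          /* reject before a recursive parser sees it */
            if (depth > deepest)
                deepest = depth;
            break;
        case ']':
        case '}':
            if (depth > 0)
                depth--;            /* unbalanced closers are left to the parser */
            break;
        default:
            break;
        }
    }
    return in_string ? -1 : deepest;
}

/* Gate for untrusted network input: nonzero means safe to hand to the parser. */
int json_depth_ok(const char *buf, size_t len)
{
    return json_nesting_depth(buf, len, MAX_JSON_DEPTH) >= 0;
}
```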
Fix
Memory Corruption
Related Identifiers
Affected Products
OpenHarmony
cJSON