CVE-2023-0083 MEDIUM

CVE-2023-0083: The ArkUI framework subsystem doesn't check the input parameter,causing type confusion and invalid memory access.

Vendor Openharmony

Product OpenHarmony

Weakness CWE-843

Published March 10, 2023

Last update February 27, 2025

View on NVD All CVEs

CVSS base score

4.0/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash.

Key dates

02Disclosure timeline

March 10, 2023 CVE published

February 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-0083 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/843.html

Related vulnerabilities

Identifiers

CVE CVE-2023-0083

CWE CWE-843

CVSS 4.0 / MEDIUM

Affected versions

Vendor Openharmony

Product OpenHarmony

Affected ≥ 3.0 and ≤ 3.0.7

Vendor Openharmony

Product OpenHarmony

Affected ≥ 3.1 and ≤ 3.1.5

CVE-2023-0083: The ArkUI framework subsystem doesn't check the input parameter,causing type confusion and invalid memory access.

01Description

02Disclosure timeline

03References

04Related CVE