OpenHarmony

OpenHarmony copied to clipboard

Contact Details [email protected] What happened? 我通过使用V1SCAN（一个扫描存在于复用代码中1-Day漏洞的工具），发现您的项目中Openharmonyv1.0/third_party/curl/lib文件夹下的multi.c文件可能存在漏洞, 具体参考链接如下： > CVE-2021-22901 in multi.c: > 相关触发逻辑类似https://github.com/advisories/GHSA-vjwf-ghhc-2p8q > NVD说明链接： > https://nvd.nist.gov/vuln/detail/CVE-2021-22901 > commit修复链接: > https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479 修复方法： replace the lines at 864-865: ``` if(conn) Curl_llist_remove(&conn->easyq,...

ltcdCai

Contact Details [email protected] What happened? 我通过使用V1SCAN（一个扫描存在于复用代码中1-Day漏洞的工具），发现您的项目中Harmonykernel/KAL/LiteOS/Huawei_LiteOS/components/security/mbedtls/mbedtls-2.6.0/library文件夹下的`ssl_cli.c`文件和`ecdsa.c`文件可能存在漏洞, 具体参考链接如下： CVE-2019-16910 in `ecdsa.c`: 相关触发逻辑类似https://github.com/advisories/GHSA-jg4p-c829-4q39 NVD说明链接： https://nvd.nist.gov/vuln/detail/CVE-2019-16910 commit修复链接: https://github.com/Mbed-TLS/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1 Since this is resulted mainly by reusing a file in older version, it is recommended...

ltcdCai

Contact Details [email protected] What happened? 我通过使用V1SCAN（一个扫描存在于复用代码中1-Day漏洞的工具），发现您的项目中Openharmonyv1.0/third_party/openssl/test文件夹下的`sm2_internal_test.c`文件可能存在漏洞, 具体参考链接如下： CVE-2021-3711 in `sm2_internal_test.c`: 相关触发逻辑类似https://github.com/advisories/GHSA-5ww6-px42-wc85 NVD说明链接： https://nvd.nist.gov/vuln/detail/CVE-2021-3711 Replace the line 188 `if (!TEST_true(sm2_plaintext_size(key, digest, ctext_len, &ptext_len))` with the following line: `if (!TEST_true(sm2_plaintext_size(ctext, ctext_len, &ptext_len))`...

ltcdCai