diff --git a/vulntest/SSTSTestcases/2025/04/CVE-2025-24304/CVE-2025-24304.json b/vulntest/SSTSTestcases/2025/04/CVE-2025-24304/CVE-2025-24304.json new file mode 100644 index 0000000000000000000000000000000000000000..7cd84a0ac911b85e87c2b31a63dad73e7e8d13f1 --- /dev/null +++ b/vulntest/SSTSTestcases/2025/04/CVE-2025-24304/CVE-2025-24304.json @@ -0,0 +1,129 @@ +{ + "month": "2025-04", + "vulnerabilities": [ + { + "month": "2025-04", + "vul_id": { + "cve": "CVE-2025-24304", + "openharmony-sa": "" + }, + "severity": "low", + "vul_description": { + "zh": "arkcompiler_ets_runtime越界写", + "en": "arkcomputer.ets_runtime out of bounds write" + }, + "vul_impact": { + "zh": "本地攻击者可造成DOS", + "en": "Local attackers can cause DOS attacks" + }, + "disclosure": { + "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-04.md", + "en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2025/2025-04.md" + }, + "patch_info": { + "5.0.2.x": { + "patch_url": [ + "https://gitee.com/openharmony/arkcompiler_ets_runtime/commit/b9da405bb3f74abbb049debb9afde4b000da60d4" + ], + "patch_file": [ + "https://gitee.com/openharmony/arkcompiler_ets_runtime/commit/b9da405bb3f74abbb049debb9afde4b000da60d4.patch" + ], + "diff_file": [ + "https://gitee.com/openharmony/arkcompiler_ets_runtime/commit/b9da405bb3f74abbb049debb9afde4b000da60d4.diff" + ] + }, + "4.1.x": { + "patch_url": [ + "https://gitee.com/openharmony/arkcompiler_ets_runtime/commit/52dea3300a54884e42765122ec7661cbe2eef793" + ], + "patch_file": [ + "https://gitee.com/openharmony/arkcompiler_ets_runtime/commit/52dea3300a54884e42765122ec7661cbe2eef793.patch" + ], + "diff_file": [ + "https://gitee.com/openharmony/arkcompiler_ets_runtime/commit/52dea3300a54884e42765122ec7661cbe2eef793.diff" + ] + } + }, + "affected_projects": "arkcompiler_ets_runtime", + + "affected_versions": [ + "5.0.0-5.0.2", + "4.1.0-4.1.2" + ], + "affected_device": { + "mini": { + "liteos": { + "rics-v": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + }, + "small": { + "liteos": { + "rics-v": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + }, + "linux": { + "arm": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + }, + "standard": { + "linux": { + "arm": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": true, + "yara": { + "affected_files": [ + "libark_jsruntime.so" + ], + "yara_rules": [ + "CVE-2025-24304.yara" + ] + } + } + } + }, + "arm64": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + } + } + } + ] +} \ No newline at end of file diff --git a/vulntest/SSTSTestcases/2025/04/CVE-2025-24304/CVE-2025-24304.yara b/vulntest/SSTSTestcases/2025/04/CVE-2025-24304/CVE-2025-24304.yara new file mode 100644 index 0000000000000000000000000000000000000000..1cc231d9a63d3db87b3163728962338ee256eba8 --- /dev/null +++ b/vulntest/SSTSTestcases/2025/04/CVE-2025-24304/CVE-2025-24304.yara @@ -0,0 +1,32 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import "console" +import "elf" + + +rule CVE_2025_24304 +{ + meta: + date = "202506024" + file = "libark_jsruntime.so" + + strings: + $string = "[a-zA-Z_\\-/]*" nocase wide ascii + + condition: + not $string and console.log("CVE-2025-24304 testcase pass") +} \ No newline at end of file