CVE-2025-32366
In ConnMan through 1.44, parserr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., rdlen=ntohsrr-rdlen and memcpyresponse+offset,end,rdlen without a check for whether the sum of end and rdlen exceeds max. Consequently, rdlen may be larger than the amount of remaining...