4 matches found
CVE-2025-32366
A flaw was found in ConnMan's DNS proxy component. This vulnerability allows an attacker to cause a buffer overread or memory corruption via a crafted DNS response due to improper validation of the RDLENGTH field before using it in a memcpy operation. Mitigation Mitigation for this issue is eithe...
CVE-2025-32366
In ConnMan through 1.44, parserr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., rdlen=ntohsrr-rdlen and memcpyresponse+offset,end,rdlen without a check for whether the sum of end and rdlen exceeds max. Consequently, rdlen may be larger than the amount of remaining...
CVE-2025-32366
In ConnMan through 1.44, parserr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., rdlen=ntohsrr-rdlen and memcpyresponse+offset,end,rdlen without a check for whether the sum of end and rdlen exceeds max. Consequently, rdlen may be larger than the amount of remaining...
ConnMan 安全漏洞
ConnMan is an Aldebaran open source connection manager. A security vulnerability exists in ConnMan 1.44 and earlier versions, which stems from a memcpy length dependency on the RR RDLENGTH value...