Connman Security Vulnerabilities - CVSS Score 9 - 10
Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.
9.8CVSS
9.5AI Score
0.052EPSS
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.
9.1CVSS
8.9AI Score
0.003EPSS
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.
9.1CVSS
8.8AI Score
0.003EPSS
In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.
9.8CVSS
9.6AI Score
0.021EPSS