10 matches found
CVE-2021-26675
CVE-2021-26675 affects ConnMan’s DNS proxy (dnsproxy) prior to version 1.39. It is a stack-based buffer overflow that could allow a network-adjacent attacker to execute arbitrary code, as described across multiple sources (Arch Linux ASA, openSUSE update, Debian DSA/DLA, Gentoo GLSA). The issue i...
CVE-2021-26676
ConnMan gdhcp flaw (CVE-2021-26676) causes a stack information leak via an uninitialized variable in the gdhcp component, affecting ConnMan versions prior to 1.39. Network-adjacent attackers could leverage the leak to facilitate further exploitation related to bugs in gdhcp. Public advisories (Op...
CVE-2022-23097
ConnMan’s DNS proxy (forward_dns_reply) mishandles a strnlen call, causing an out-of-bounds read through version 1.40. Impact can include crashes or memory exposure; multiple advisories reference CVE-2022-23097. Remediation across sources varies by distro, but generally requires upgrading ConnMan...
CVE-2022-23098
ConnMan (DNS proxy) vulnerability CVE-2022-23098: The TCP server reply path can loop infinitely when no data is received, causing a denial of service. Affected through ConnMan 1.40. Remediation: upgrade to fixed releases per advisories (e.g., Debian bullseye 1.36-2.2+deb11u1, Debian DLA-3144-1 1....
CVE-2022-23096
ConnMan (DNS proxy) up to version 1.40 contains CVE-2022-23096: TCP server reply path lacks sufficient Header Data checks, enabling out-of-bounds reads. This could lead to denial of service or arbitrary code execution depending on the advisory. >= ConnMan 1.42 (or latest security-patched build...
CVE-2022-32293
CVE-2022-32293 : In ConnMan up to 1.41, a man-in-the-middle attack against a WISPR HTTP query can trigger a use-after-free in WISPR handling, causing crashes or code execution. Affected products include ConnMan’s WISPR component; multiple advisories describe this alongside related CVEs. Remediati...
CVE-2022-32292
ConnMan (through version 1.41) is vulnerable to a heap-based buffer overflow in the gweb component’s received_data function (CVE-2022-32292). Remote attackers could send HTTP requests to trigger code execution. A related issue (CVE-2022-32293) involves a WISPR handling use-after-free. Remediation...
CVE-2017-12865
The CVE-2017-12865 entry describes a stack-based buffer overflow in ConnMan's dnsproxy.c (affecting ConnMan 1.34 and earlier). A crafted DNS response can crash the service or allow remote code execution, via the name variable. Public disclosures across multiple sources (GNUs/Gentoo GLSA, Debian D...
CVE-2023-28488
CVE-2023-28488 affects the gdhcp client in ConnMan (up to v1.41). A network-adjacent attacker crafting DHCP server traffic can trigger a stack-based buffer overflow, causing denial of service and connman termination. Public connected documents confirm affected products and fixes by distro: Debian...
CVE-2012-6459
Technical details for CVE-2012-6459 are not publicly available in the provided documents; sources repeat the same vulnerability description without specifics. Monitor for updates.