Lucene search
K
IntelConnman

10 matches found

CVE
CVE
added 2021/02/09 3:47 p.m.202 views

CVE-2021-26675

CVE-2021-26675 affects ConnMan’s DNS proxy (dnsproxy) prior to version 1.39. It is a stack-based buffer overflow that could allow a network-adjacent attacker to execute arbitrary code, as described across multiple sources (Arch Linux ASA, openSUSE update, Debian DSA/DLA, Gentoo GLSA). The issue i...

8.8CVSS8.7AI score0.01301EPSS
CVE
CVE
added 2021/02/09 3:47 p.m.194 views

CVE-2021-26676

ConnMan gdhcp flaw (CVE-2021-26676) causes a stack information leak via an uninitialized variable in the gdhcp component, affecting ConnMan versions prior to 1.39. Network-adjacent attackers could leverage the leak to facilitate further exploitation related to bugs in gdhcp. Public advisories (Op...

6.5CVSS7.1AI score0.01212EPSS
CVE
CVE
added 2022/01/28 12:0 a.m.182 views

CVE-2022-23097

ConnMan’s DNS proxy (forward_dns_reply) mishandles a strnlen call, causing an out-of-bounds read through version 1.40. Impact can include crashes or memory exposure; multiple advisories reference CVE-2022-23097. Remediation across sources varies by distro, but generally requires upgrading ConnMan...

9.1CVSS8.8AI score0.02372EPSS
CVE
CVE
added 2022/01/28 12:0 a.m.168 views

CVE-2022-23098

ConnMan (DNS proxy) vulnerability CVE-2022-23098: The TCP server reply path can loop infinitely when no data is received, causing a denial of service. Affected through ConnMan 1.40. Remediation: upgrade to fixed releases per advisories (e.g., Debian bullseye 1.36-2.2+deb11u1, Debian DLA-3144-1 1....

7.5CVSS7.3AI score0.02485EPSS
CVE
CVE
added 2022/01/28 12:0 a.m.123 views

CVE-2022-23096

ConnMan (DNS proxy) up to version 1.40 contains CVE-2022-23096: TCP server reply path lacks sufficient Header Data checks, enabling out-of-bounds reads. This could lead to denial of service or arbitrary code execution depending on the advisory. >= ConnMan 1.42 (or latest security-patched build...

9.1CVSS8.9AI score0.02598EPSS
CVE
CVE
added 2022/08/03 12:0 a.m.107 views

CVE-2022-32293

CVE-2022-32293 : In ConnMan up to 1.41, a man-in-the-middle attack against a WISPR HTTP query can trigger a use-after-free in WISPR handling, causing crashes or code execution. Affected products include ConnMan’s WISPR component; multiple advisories describe this alongside related CVEs. Remediati...

8.1CVSS8.7AI score0.01513EPSS
CVE
CVE
added 2022/08/03 12:0 a.m.95 views

CVE-2022-32292

ConnMan (through version 1.41) is vulnerable to a heap-based buffer overflow in the gweb component’s received_data function (CVE-2022-32292). Remote attackers could send HTTP requests to trigger code execution. A related issue (CVE-2022-32293) involves a WISPR handling use-after-free. Remediation...

9.8CVSS9.6AI score0.0238EPSS
CVE
CVE
added 2017/08/29 4:0 p.m.89 views

CVE-2017-12865

The CVE-2017-12865 entry describes a stack-based buffer overflow in ConnMan's dnsproxy.c (affecting ConnMan 1.34 and earlier). A crafted DNS response can crash the service or allow remote code execution, via the name variable. Public disclosures across multiple sources (GNUs/Gentoo GLSA, Debian D...

9.8CVSS9.5AI score0.05519EPSS
CVE
CVE
added 2023/04/12 12:0 a.m.89 views

CVE-2023-28488

CVE-2023-28488 affects the gdhcp client in ConnMan (up to v1.41). A network-adjacent attacker crafting DHCP server traffic can trigger a stack-based buffer overflow, causing denial of service and connman termination. Public connected documents confirm affected products and fixes by distro: Debian...

6.5CVSS6.5AI score0.00964EPSS
CVE
CVE
added 2013/01/01 3:0 p.m.47 views

CVE-2012-6459

Technical details for CVE-2012-6459 are not publicly available in the provided documents; sources repeat the same vulnerability description without specifics. Monitor for updates.

4.3CVSS6.4AI score0.01106EPSS