Published: 29/08/2017 Updated: 05/03/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and previous versions allows remote malicious users to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
intel connman
debian debian linux 8.0

Debian Bug report logs - #872844 connman: [CVE-2017-12865] stack overflow in dns proxy feature Package: connman; Maintainer for connman is Alexander Sack <asac@debianorg>; Source for connman is src:connman (PTS, buildd, popcon) Reported by: Luciano Bello <luciano@debianorg> Date: Mon, 21 Aug 2017 19:42:01 UTC Seve ...

Security consultants in NRI Secure Technologies discovered a stack overflow vulnerability in ConnMan, a network manager for embedded devices An attacker with control of the DNS responses to the DNS proxy in ConnMan might crash the service and, in same cases, remotely execute arbitrary commands in the host running the service For the oldstable dis ...

CWE-119 https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71 https://bugzilla.redhat.com/show_bug.cgi?id=1483720 http://www.securityfocus.com/bid/100498 http://www.debian.org/security/2017/dsa-3956 https://www.nri-secure.com/blog/new-iot-vulnerability-connmando https://01.org/security/intel-oss-10001/intel-oss-10001 https://security.gentoo.org/glsa/201812-02 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872844 https://nvd.nist.gov https://www.debian.org/security/./dsa-3956

CVE-2017-12865

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect