Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2021-33833

Published: 09/06/2021 Updated: 09/02/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Intel

Vulnerability Summary

ConnMan (aka Connection Manager) 1.30 up to and including 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

intel connection manager

debian debian linux 9.0

Vendor Advisories

Debian CVElist Bug Report Logs: connman: CVE-2021-33833: dnsproxy: Check the length of buffers before memcpy
Debian Bug report logs - #989662 connman: CVE-2021-33833: dnsproxy: Check the length of buffers before memcpy Package: src:connman; Maintainer for src:connman is Alexander Sack <asac@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 9 Jun 2021 17:21:02 UTC Severity: grave Tags: patch, pen ...
Arch Linux Issues:
A security issue has been found in the dnsproxy component in releases 132 to 139 of connman Unpacking of NAME and RDATA/RDLENGTH fields with TYPE A/AAAA in the uncompress function uses a memcpy with insufficient bounds checking, which can overflow a stack buffer ...

Mailing Lists

Full Disclosure: connman stack buffer overflow in dnsproxy CVE-2021-33833
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> connman stack buffer overflow in dnsproxy CVE-2021-33833 <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Marcus M ...

Github Repositories

https://github.com/merrychap/POC-connman

🔓 Vulnerability Research and Proof of Concept exploits for ConnMan

ConnMan ConnMan is an internet connection manager for embedded devices running the Linux operating system git - gitkernelorg/pub/scm/network/connman/connmangit/ CVE ID Score Description CVE-2021-33833 98 CRITICAL ConnMan (aka Connection Manager) 130 through 139 has a stack-based buffer overflow in uncompress in dnsproxyc via NAME, RDATA, or RDLENGTH (for

References

CWE-787http://www.openwall.com/lists/oss-security/2021/06/09/1https://lore.kernel.org/connman/https://security.gentoo.org/glsa/202107-29http://www.openwall.com/lists/oss-security/2022/01/25/1https://lists.debian.org/debian-lts-announce/2022/02/msg00009.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989662https://nvd.nist.govhttps://github.com/merrychap/POC-connmanhttps://security.archlinux.org/CVE-2021-33833
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377CVE-2024-20859CVE-2023-49606injectarbitrary CVE-2024-33788CVE-2024-30973IDORCVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook