Published: 28/01/2022 Updated: 21/12/2023

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 571

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

An issue exists in the DNS proxy in Connman up to and including 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.

Vulnerable Product	Search on Vulmon	Subscribe to Product
intel connman
debian debian linux 9.0
debian debian linux 11.0

Debian Bug report logs - #1004935 connman: CVE-2022-23096 CVE-2022-23097 CVE-2022-23098 Package: src:connman; Maintainer for src:connman is Alexander Sack <asac@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 3 Feb 2022 20:24:01 UTC Severity: grave Tags: security, upstream Found in ver ...

Several vulnerabilities were discovered in ConnMan, a network manager for embedded devices, which could result in denial of service or the execution of arbitrary code For the stable distribution (bullseye), these problems have been fixed in version 136-22+deb11u1 We recommend that you upgrade your connman packages For the detailed security sta ...

Severity Unknown Remote Unknown Type Unknown Description AVG-2818 connman 141-1 Unknown Unknown lorekernelorg/connman/202201250900265108-1-wagi@monomorg/ gitkernelorg/pub/scm/network/c ...

CWE-125 https://git.kernel.org/pub/scm/network/connman/connman.git/log/https://www.openwall.com/lists/oss-security/2022/01/25/1 https://lists.debian.org/debian-lts-announce/2022/02/msg00009.html https://www.debian.org/security/2022/dsa-5231 https://security.gentoo.org/glsa/202310-21 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004935 https://nvd.nist.gov https://www.debian.org/security/2022/dsa-5231

CVE-2022-23097

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect