ConnMan denial of service | CVE-2022-23096
NAME
ConnMan denial of service
- Platforms Affected:
ConnMan ConnMan 1.40 - Risk Level:
9.1 - Exploitability:
Unproven - Consequences:
Denial of Service
DESCRIPTION
ConnMan is vulnerable to a denial of service, caused by an issue with TCP receive path does not check for presence of sufficient header data in the dnsproxy component. By sending a specially-crafted reply message from a DNS server, a remote attacker could exploit this vulnerability to cause a denial of service condition or obtain sensitive information from heap memory.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to ConnMan GIT Repository for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://seclists.org/oss-sec/2022/q1/70 - Reference Link:
https://lore.kernel.org/connman/[email protected]/
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.