CVE-2012-2322Infinite Loop in Connman

CWE-1894 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
1.9%
top 16.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ConnmanDebian Connman
Timeline
PublishedMay 18
Latest updateMay 17

Description

Integer overflow in the dhcpv6_get_option function in gdhcp/client.c in ConnMan before 0.85 allows remote attackers to cause a denial of service (infinite loop and crash) via an invalid length value in a DHCP packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/connman< connman 1.0-1 (bookworm)
Debianconnman/connman< 1.0-1+3
NVDconnman/connman0.84+83

🔴Vulnerability Details

2
GHSA
GHSA-r9hm-xqmv-vp84: Integer overflow in the dhcpv6_get_option function in gdhcp/client2022-05-17
OSV
CVE-2012-2322: Integer overflow in the dhcpv6_get_option function in gdhcp/client2012-05-18

📋Vendor Advisories

1
Debian
CVE-2012-2322: connman - Integer overflow in the dhcpv6_get_option function in gdhcp/client.c in ConnMan ...2012
CVE-2012-2322 — Infinite Loop in Debian Connman | cvebase