CVE-2021-26675

CWE-787Out-of-bounds Write7 documents6 sources
Severity
8.8HIGH
EPSS
0.2%
top 59.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Intel ConnmanDebian Debian LinuxOpensuse Leap
Timeline
PublishedFeb 9
Latest updateJul 19

Description

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

NVDintel/connman< 1.39
Debianconnman< 1.36-2.1+3
Ubuntuconnman< 1.36-2ubuntu0.1+3
NVDopensuse/leap15.2

Also affects: Debian Linux 10.0, 9.0

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

4
OSV
connman vulnerabilities2023-07-19
GHSA
GHSA-p5r5-rf4r-f8jm: A stack-based buffer overflow in dnsproxy in ConnMan before 12022-05-24
OSV
CVE-2021-26675: A stack-based buffer overflow in dnsproxy in ConnMan before 12021-02-09
CVEList
CVE-2021-26675: A stack-based buffer overflow in dnsproxy in ConnMan before 12021-02-09

📋Vendor Advisories

2
Ubuntu
ConnMan vulnerabilities2023-07-19
Debian
CVE-2021-26675: connman - A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used b...2021