CVE-2021-33833Out-of-bounds Write in Connman

CWE-787Out-of-bounds Write6 documents5 sources
Severity
9.8CRITICALNVD
OSV8.8
EPSS
0.2%
top 64.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
ConnmanDebian ConnmanIntel Connection Manager+1 more
Timeline
PublishedJun 9
Latest updateJul 19

Description

ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

NVDintel/connection_manager1.301.39
debiandebian/connman< connman 1.36-2.2 (bookworm)
Debianconnman/connman< 1.36-2.2+3
Ubuntuconnman/connman< 1.36-2ubuntu0.1+3

Also affects: Debian Linux 9.0

🔴Vulnerability Details

3
OSV
connman vulnerabilities2023-07-19
GHSA
GHSA-h4g6-6xx4-6g88: ConnMan (aka Connection Manager) 12022-05-24
OSV
CVE-2021-33833: ConnMan (aka Connection Manager) 12021-06-09

📋Vendor Advisories

2
Ubuntu
ConnMan vulnerabilities2023-07-19
Debian
CVE-2021-33833: connman - ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer over...2021
CVE-2021-33833 — Out-of-bounds Write in Debian Connman | cvebase