CVE-2022-23096

CWE-125 — Out-of-bounds Read6 documents6 sources

Severity

9.1CRITICAL

EPSS

0.1%

top 76.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Connman Debian Debian Linux

Timeline

PublishedJan 28

Latest updateJul 19

Description

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶Debianconnman< 1.36-2.2+deb11u1+3

▶NVDintel/connman1.40

Also affects: Debian Linux 11.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-h9cr-qjg3-wh75: An issue was discovered in the DNS proxy in Connman through 1↗2022-02-10

▶

CVEList

CVE-2022-23096: An issue was discovered in the DNS proxy in Connman through 1↗2022-01-28

▶

OSV

CVE-2022-23096: An issue was discovered in the DNS proxy in Connman through 1↗2022-01-28

▶

📋Vendor Advisories

Ubuntu

ConnMan vulnerabilities↗2023-07-19

▶

Debian

CVE-2022-23096: connman - An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server...↗2022

▶