CVE-2022-32293Use After Free in Intel Connman

CWE-416Use After Free6 documents6 sources
Severity
8.1HIGHNVD
EPSS
0.4%
top 38.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ConnmanIntel ConnmanDebian Linux
Timeline
PublishedAug 3
Latest updateJul 19

Description

In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

Debianconnman/connman< 1.36-2.2+deb11u1+3
NVDintel/connman1.41

Also affects: Debian Linux 11.0

Patches

Patch: lore.kernel.orgPatch: lore.kernel.orgPatch: lore.kernel.org

🔴Vulnerability Details

3
GHSA
GHSA-3j9x-j374-vq65: In ConnMan through 12022-08-04
CVEList
CVE-2022-32293: In ConnMan through 12022-08-03
OSV
CVE-2022-32293: In ConnMan through 12022-08-03

📋Vendor Advisories

2
Ubuntu
ConnMan vulnerabilities2023-07-19
Debian
CVE-2022-32293: connman - In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query c...2022
CVE-2022-32293 — Use After Free in Intel Connman | cvebase