CVE-2023-28488
published 2023-04-12CVE-2023-28488: client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow…
medium6.5CVSS 3.1
AVAACLPRNUINSUCNINAH
client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| connman | connman | >= 0 < 1.36-2.2+deb11u2 | 1.36-2.2+deb11u2 |
| connman | connman | >= 0 < 1.41-3 | 1.41-3 |
| connman | connman | >= 0 < 1.41-3 | 1.41-3 |
| connman | connman | >= 0 < 1.41-3 | 1.41-3 |
| connman | connman | >= 0 < 1.36-2ubuntu0.1 | 1.36-2ubuntu0.1 |
| connman | connman | >= 0 < 1.36-2.3ubuntu0.1 | 1.36-2.3ubuntu0.1 |
| connman | connman | >= 0 < 1.21-1.2+deb8u1ubuntu0.1~esm1 | 1.21-1.2+deb8u1ubuntu0.1~esm1 |
| connman | connman | >= 0 < 1.35-6ubuntu0.1~esm1 | 1.35-6ubuntu0.1~esm1 |
| debian | connman | < connman 1.41-3 (bookworm) | connman 1.41-3 (bookworm) |
| intel | connman | 0.55 – 1.41 | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv8.8HIGH