CVE-2023-28488 — Out-of-bounds Write in Intel Connman

CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 77.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Connman Intel Connman

Timeline

PublishedApr 12

Latest updateJul 19

Description

client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶Debianconnman/connman< 1.36-2.2+deb11u2+3

▶NVDintel/connman0.55 — 1.41

Patches

Patch: github.com ↗Patch: kernel.googlesource.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

CVE-2023-28488: client↗2023-04-12

▶

GHSA

GHSA-vw29-hgcp-pxgr: client↗2023-04-12

▶

OSV

CVE-2023-28488: client↗2023-04-12

▶

📋Vendor Advisories

Ubuntu

ConnMan vulnerabilities↗2023-07-19

▶

Debian

CVE-2023-28488: connman - client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent atta...↗2023

▶