CVE-2025-32366Improper Handling of Length Parameter Inconsistency in Connman

CWE-130Improper Handling of Length Parameter Inconsistency4 documents4 sources
Severity
4.8MEDIUMNVD
EPSS
0.4%
top 41.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ConnmanDebian Connman
Timeline
PublishedApr 5
Latest updateApr 7

Description

In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen) and memcpy(response+offset,*end,*rdlen) without a check for whether the sum of *end and *rdlen exceeds max. Consequently, *rdlen may be larger than the amount of remaining packet data in the current state of parsing. Values of stack memory locations may be sent over the network in a response.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:LExploitability: 2.2 | Impact: 2.5

Affected Packages3 packages

debiandebian/connman< connman 1.44-3 (forky)
Debianconnman/connman< 1.44-3+1
CVEListV5connman/connman1.44

🔴Vulnerability Details

2
GHSA
GHSA-9j63-jqr8-fh2v: In ConnMan through 12025-04-07
OSV
CVE-2025-32366: In ConnMan through 12025-04-05

📋Vendor Advisories

1
Debian
CVE-2025-32366: connman - In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length that depends...2025
CVE-2025-32366 — Debian Connman vulnerability | cvebase