CVE-2025-32743 — Missing Report of Error Condition in Connman

CWE-392 — Missing Report of Error Condition CWE-276 — Incorrect Default Permissions5 documents5 sources

Severity

9.0CRITICALNVD

EPSS

0.5%

top 36.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Connman Debian Connman Msrc Cbl2 Samba ON CBL Mariner 2.0

Timeline

PublishedApr 10

Description

In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code, because those lookup values lead to incorrect length calculations and incorrect memcpy operations.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages4 packages

▶debiandebian/connman< connman 1.44-2 (forky)

▶Debianconnman/connman< 1.44-2+1

▶CVEListV5connman/connman1.44

▶msrcmsrc/cbl2_samba_on_cbl_mariner_2.0

🔴Vulnerability Details

GHSA

GHSA-r8hx-vf7j-v5q3: In ConnMan through 1↗2025-04-10

▶

OSV

CVE-2025-32743: In ConnMan through 1↗2025-04-10

▶

📋Vendor Advisories

Debian

CVE-2025-32743: connman - In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NUL...↗2025

▶

Microsoft

Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.↗2022-09-13

▶