CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2022-32292 – ConnMan received_data Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-32292
In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. En ConnMan versiones hasta 1.41, los atacantes remotos capaces de enviar peticiones HTTP al componente gweb pueden explotar un desbordamiento de búfer en la región heap de la memoria en la función received_data para ejecutar código This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installation of ConnMan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the received_data method. Crafted data in a HTTP response can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the ConnMan process. This vulnerability was demonstrated on a Tesla Model 3 during Pwn2Own 2022 Vancouver competition. • https://bugzilla.suse.com/show_bug.cgi?id=1200189 https://lore.kernel.org/connman/20220801080043.4861-5-wagi%40monom.org https://security.gentoo.org/glsa/202310-21 https://www.debian.org/security/2022/dsa-5231 • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32293 – ConnMan wispr_portal_web_result wp_object Double Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-32293
In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. En ConnMan versiones hasta 1.41, un ataque de tipo "man-in-the-middle" contra una consulta HTTP WISPR podría ser usado para desencadenar un uso de memoria previamente liberada en el manejo de WISPR, conllevando a bloqueos o ejecución de código This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ConnMan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wispr_portal_web_result method. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the ConnMan process. This vulnerability was demonstrated on a Tesla Model 3 during Pwn2Own 2022 Vancouver competition. • https://bugzilla.suse.com/show_bug.cgi?id=1200190 https://lore.kernel.org/connman/20220801080043.4861-1-wagi%40monom.org https://lore.kernel.org/connman/20220801080043.4861-3-wagi%40monom.org https://security.gentoo.org/glsa/202310-21 https://www.debian.org/security/2022/dsa-5231 • CWE-416: Use After Free •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23096
https://notcve.org/view.php?id=CVE-2022-23096
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. Se ha detectado un problema en el proxy DNS en Connman versiones hasta 1.40. La implementación de la respuesta del servidor TCP carece de una comprobación de la presencia de suficientes datos de encabezado, conllevando a una lectura fuera de límites • https://git.kernel.org/pub/scm/network/connman/connman.git/log https://lists.debian.org/debian-lts-announce/2022/02/msg00009.html https://security.gentoo.org/glsa/202310-21 https://www.debian.org/security/2022/dsa-5231 https://www.openwall.com/lists/oss-security/2022/01/25/1 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23097
https://notcve.org/view.php?id=CVE-2022-23097
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. Se ha detectado un problema en el proxy DNS en Connman versiones hasta 1.40. La función forward_dns_reply maneja inapropiadamente una llamada a strnlen, conllevando a una lectura fuera de límites • https://git.kernel.org/pub/scm/network/connman/connman.git/log https://lists.debian.org/debian-lts-announce/2022/02/msg00009.html https://security.gentoo.org/glsa/202310-21 https://www.debian.org/security/2022/dsa-5231 https://www.openwall.com/lists/oss-security/2022/01/25/1 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23098
https://notcve.org/view.php?id=CVE-2022-23098
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. Se ha detectado un problema en el proxy DNS en Connman versiones hasta 1.40. La implementación de la respuesta del servidor TCP presenta un bucle infinito si no son recibidos datos • https://git.kernel.org/pub/scm/network/connman/connman.git/log https://lists.debian.org/debian-lts-announce/2022/02/msg00009.html https://security.gentoo.org/glsa/202310-21 https://www.debian.org/security/2022/dsa-5231 https://www.openwall.com/lists/oss-security/2022/01/25/1 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •