CVSS: 7.8EPSS: 8%CPEs: 84EXPL: 0CVE-2012-2320
https://notcve.org/view.php?id=CVE-2012-2320
ConnMan before 0.85 does not ensure that netlink messages originate from the kernel, which allows remote attackers to bypass intended access restrictions and cause a denial of service via a crafted netlink message. ConnMan antes 0.85 no garantiza que los mensajes netlink se originen en el núcleo, lo que permite a atacantes remotos eludir restricciones de acceso y provocar una denegación de servicio a través de un mensaje netlink modificado. • http://git.kernel.org/?p=network/connman/connman.git%3Ba=commit%3Bh=b0ec6eb4466acc57a9ea8be52c17b674b6ea0618 http://git.kernel.org/?p=network/connman/connman.git%3Ba=commit%3Bh=c1b968984212b46bea1330f5ae029507b9bfded9 http://secunia.com/advisories/49033 http://secunia.com/advisories/49186 http://security.gentoo.org/glsa/glsa-201205-02.xml http://www.openwall.com/lists/oss-security/2012/05/07/10 http://www.openwall.com/lists/oss-security/2012/05/07/2 http://www.openwall.com/lists/oss-securi • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 4%CPEs: 84EXPL: 0CVE-2012-2322
https://notcve.org/view.php?id=CVE-2012-2322
Integer overflow in the dhcpv6_get_option function in gdhcp/client.c in ConnMan before 0.85 allows remote attackers to cause a denial of service (infinite loop and crash) via an invalid length value in a DHCP packet. Desbordamiento de entero en la función dhcpv6_get_option en gdhcp/client.c en ConnMan antes de v0.85, permite a atacantes remotos causar una denegación de servicio (bucle infinito y caída) mediante un valor de longitud no válida en un paquete DHCP. • http://git.kernel.org/?p=network/connman/connman.git%3Ba=commitdiff%3Bh=1d1a22fe586a455935483708fbe8eaeada79df7f http://secunia.com/advisories/49033 http://secunia.com/advisories/49186 http://security.gentoo.org/glsa/glsa-201205-02.xml http://www.openwall.com/lists/oss-security/2012/05/07/10 http://www.openwall.com/lists/oss-security/2012/05/07/2 http://www.openwall.com/lists/oss-security/2012/05/07/6 http://www.osvdb.org/81706 http://www.securityfocus.com/bid/53410 h • CWE-189: Numeric Errors •