CVE-2022-32292
ConnMan received_data Out-Of-Bounds Write Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.
En ConnMan versiones hasta 1.41, los atacantes remotos capaces de enviar peticiones HTTP al componente gweb pueden explotar un desbordamiento de búfer en la región heap de la memoria en la función received_data para ejecutar código
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installation of ConnMan. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the received_data method. Crafted data in a HTTP response can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the ConnMan process.
This vulnerability was demonstrated on a Tesla Model 3 during Pwn2Own 2022 Vancouver competition.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-06-05 CVE Reserved
- 2022-08-03 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1200189 | Issue Tracking |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://lore.kernel.org/connman/20220801080043.4861-5-wagi%40monom.org | 2023-12-21 |
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202310-21 | 2023-12-21 | |
https://www.debian.org/security/2022/dsa-5231 | 2023-12-21 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Intel Search vendor "Intel" | Connman Search vendor "Intel" for product "Connman" | <= 1.41 Search vendor "Intel" for product "Connman" and version " <= 1.41" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
|