CVE-2021-26675

Name
CVE-2021-26675
Description
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Mailing List https://www.openwall.com/lists/oss-security/2021/02/08/2
Issue Tracking https://bugzilla.suse.com/show_bug.cgi?id=1181751
Release Notes https://git.kernel.org/pub/scm/network/connman/connman.git/tree/ChangeLog
Patch https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb
Mailing List https://lists.debian.org/debian-lts-announce/2021/02/msg00013.html
Third Party Advisory https://www.debian.org/security/2021/dsa-4847
MISC https://kunnamon.io/tbone/
GENTOO https://security.gentoo.org/glsa/202107-29

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:intel:connman:*:*:*:*:*:*:*:* connman >= None < 1.39

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
connman 3.13-community 1.39-r0 Clayton Craft <clayton@craftyguy.net> fixed
connman 3.14-community 1.39-r0 Clayton Craft <clayton@craftyguy.net> fixed