CVE-2022-32292

CVE-2022-32292

Name

CVE-2022-32292

Description

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://bugzilla.suse.com/show_bug.cgi?id=1200189
CONFIRM	https://lore.kernel.org/connman/20220801080043.4861-5-wagi@monom.org/
Third Party Advisory	https://www.debian.org/security/2022/dsa-5231

Type

URI

MISC

https://bugzilla.suse.com/show_bug.cgi?id=1200189

CONFIRM

https://lore.kernel.org/connman/20220801080043.4861-5-wagi@monom.org/

Third Party Advisory

https://www.debian.org/security/2022/dsa-5231

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:intel:connman::::::::`	connman	>= None	<= 1.41

CPE URI

Source package

Min version

Max version

cpe:2.3:a:intel:connman:*:*:*:*:*:*:*:*

connman

>= None

<= 1.41

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
connman	3.16-community	1.41-r1	Clayton Craft <clayton@craftyguy.net>	possibly vulnerable
connman	3.17-community	1.41-r1	Clayton Craft <clayton@craftyguy.net>	possibly vulnerable
connman	3.18-community	1.41-r4	Clayton Craft <clayton@craftyguy.net>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

connman

3.16-community

1.41-r1

Clayton Craft <clayton@craftyguy.net>

possibly vulnerable

connman

3.17-community