CVE-2023-28488

Name: CVE-2023-28488
Description: client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process.
NVD Severity: medium

References

Type    URI
MISC    https://github.com/moehw/poc_exploits/tree/master/CVE-2023-28488
MISC    https://kernel.googlesource.com/pub/scm/network/connman/connman/+/99e2c16ea1cced34a5dc450d76287a1c3e762138
MLIST   https://lists.debian.org/debian-lts-announce/2023/04/msg00024.html
DEBIAN  https://www.debian.org/security/2023/dsa-5416

Match rules

CPE URI                                  Source package  Min version  Max version
cpe:2.3:a:intel:connman:*:*:*:*:*:*:*:*  connman         >= 0.55      <= 1.41

Vulnerable and fixed packages

Source package  Branch          Version  Maintainer                             Status
connman         3.17-community  1.41-r1  Clayton Craft <clayton@craftyguy.net>  possibly vulnerable
connman         3.18-community  1.41-r4  Clayton Craft <clayton@craftyguy.net>  possibly vulnerable