CVE-2025-32743

CVE-2025-32743

Name

CVE-2025-32743

Description

In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code, because those lookup values lead to incorrect length calculations and incorrect memcpy operations.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
	https://web.git.kernel.org/pub/scm/network/connman/connman.git/tree/src/dnsproxy.c?h=1.44#n1688
	https://lapis-sawfish-be3.notion.site/0-click-Vulnerability-in-Comman-1-43_v3-1cadc00d01d080b0b3b9c46a6da584cc

Type

URI

https://web.git.kernel.org/pub/scm/network/connman/connman.git/tree/src/dnsproxy.c?h=1.44#n1688

https://lapis-sawfish-be3.notion.site/0-click-Vulnerability-in-Comman-1-43_v3-1cadc00d01d080b0b3b9c46a6da584cc

CPE URI	Source package	Min version	Max version
	connman	>= 0	<= 1.44

CPE URI

Source package

Min version

Max version

connman

>= 0

<= 1.44

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
connman	edge-community	1.44-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
connman	edge-community	1.43-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
connman	3.22-community	1.44-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
connman	3.22-community	1.43-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

connman

edge-community

1.44-r0

Jakub Jirutka <jakub@jirutka.cz>

possibly vulnerable

connman

edge-community