Unrated severityNVD Advisory· Published Aug 3, 2022· Updated Aug 3, 2024

CVE-2022-32292

Description

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

Affected products

ConnMan/ConnMandescription
osv-coords5 versions
pkg:rpm/opensuse/connman&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/connman&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/connman&distro=openSUSE%20Tumbleweed pkg:rpm/suse/connman&distro=SUSE%20Package%20Hub%2015%20SP3 pkg:rpm/suse/connman&distro=SUSE%20Package%20Hub%2015%20SP4
< 1.41-bp153.2.6.1+ 4 more
- (no CPE)range: < 1.41-bp153.2.6.1
- (no CPE)range: < 1.41-bp154.2.3.1
- (no CPE)range: < 1.41-4.1
- (no CPE)range: < 1.41-bp153.2.6.1
- (no CPE)range: < 1.41-bp154.2.3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202310-21mitrevendor-advisory
www.debian.org/security/2022/dsa-5231mitrevendor-advisory
bugzilla.suse.com/show_bug.cgimitre
lore.kernel.org/connman/20220801080043.4861-5-wagi%40monom.org/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000