Unrated severityNVD Advisory· Published Aug 3, 2022· Updated Aug 3, 2024

CVE-2022-32293

Description

In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.

Affected products

ConnMan/ConnMandescription
osv-coords5 versions
pkg:rpm/opensuse/connman&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/connman&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/connman&distro=openSUSE%20Tumbleweed pkg:rpm/suse/connman&distro=SUSE%20Package%20Hub%2015%20SP3 pkg:rpm/suse/connman&distro=SUSE%20Package%20Hub%2015%20SP4
< 1.41-bp153.2.6.1+ 4 more
- (no CPE)range: < 1.41-bp153.2.6.1
- (no CPE)range: < 1.41-bp154.2.3.1
- (no CPE)range: < 1.41-4.1
- (no CPE)range: < 1.41-bp153.2.6.1
- (no CPE)range: < 1.41-bp154.2.3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202310-21mitrevendor-advisory
www.debian.org/security/2022/dsa-5231mitrevendor-advisory
bugzilla.suse.com/show_bug.cgimitre
lore.kernel.org/connman/20220801080043.4861-1-wagi%40monom.org/mitre
lore.kernel.org/connman/20220801080043.4861-3-wagi%40monom.org/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000