VYPR
Critical severity9.0NVD Advisory· Published Apr 10, 2025· Updated Apr 15, 2026

CVE-2025-32743

CVE-2025-32743

Description

In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code, because those lookup values lead to incorrect length calculations and incorrect memcpy operations.

Affected products

2
  • Connman/Connmaninferred2 versions
    <=1.44+ 1 more
    • (no CPE)range: <=1.44
    • (no CPE)range: <=1.44

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.