rpm package
opensuse/connman&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/connman&distro=openSUSE%20Leap%2015.4
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-28488 | — | < 1.42-bp154.2.6.1 | 1.42-bp154.2.6.1 | Apr 12, 2023 | client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process. | ||
| CVE-2022-32293 | — | < 1.41-bp154.2.3.1 | 1.41-bp154.2.3.1 | Aug 3, 2022 | In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. | ||
| CVE-2022-32292 | — | < 1.41-bp154.2.3.1 | 1.41-bp154.2.3.1 | Aug 3, 2022 | In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. |
- CVE-2023-28488Apr 12, 2023affected < 1.42-bp154.2.6.1fixed 1.42-bp154.2.6.1
client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process.
- CVE-2022-32293Aug 3, 2022affected < 1.41-bp154.2.3.1fixed 1.41-bp154.2.3.1
In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.
- CVE-2022-32292Aug 3, 2022affected < 1.41-bp154.2.3.1fixed 1.41-bp154.2.3.1
In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.