CVE-2022-23097

Опубликовано: 28 янв. 2022

Источник: debian

Описание

An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
connman	fixed	1.36-2.4		package

Примечания

https://www.openwall.com/lists/oss-security/2022/01/25/1
https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950

Связанные уязвимости

CVE-2022-23097

CVSS3: 9.1

ubuntu

около 4 лет назад

An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.

CVE-2022-23097

CVSS3: 9.1

nvd

около 4 лет назад

An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.

GHSA-4hjq-w453-32w2

CVSS3: 9.1

github

почти 4 года назад

An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.

BDU:2022-03146

CVSS3: 9.1

fstec

около 4 лет назад

Уязвимость пакета dnsproxy диспетчера соединений Connman, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании