CVE-2022-32292

Опубликовано: 03 авг. 2022

Источник: debian

Описание

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
connman	fixed	1.41-2		package

Примечания

https://lore.kernel.org/connman/20220801080043.4861-5-wagi@monom.org/
https://bugzilla.suse.com/show_bug.cgi?id=1200189
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d1a5ede5d255bde8ef707f8441b997563b9312bd

Связанные уязвимости

CVE-2022-32292

CVSS3: 9.8

ubuntu

больше 3 лет назад

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

CVE-2022-32292

CVSS3: 9.8

nvd

больше 3 лет назад

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

GHSA-vv44-5xgw-mx5v

CVSS3: 9.8

github

больше 3 лет назад

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

BDU:2022-07360

CVSS3: 9.8

fstec

больше 3 лет назад

Уязвимость компонента gweb диспетчера соединений Connman, связанная с записью за границами выделенного диапазона памяти, позволяющая нарушителю выполнить произвольный код

openSUSE-SU-2022:10134-1

suse-cvrf

больше 3 лет назад

Security update for connman