Stack-Based Buffer Overflow in ConnMan Network Management Software
CVE-2021-26675

8.8HIGH

Key Information:

Vendor

Intel
Status
Connman
Vendor
CVE Published:
9 February 2021

What is CVE-2021-26675?

A stack-based buffer overflow vulnerability exists in the dnsproxy component of ConnMan versions prior to 1.39. This vulnerability enables network-adjacent attackers to exploit the flaw and execute arbitrary code, potentially compromising the integrity and availability of affected systems. It is essential for users of ConnMan to apply the recommended security updates and patches to mitigate the risk posed by this vulnerability.

References

https://bugzilla.suse.com/show_bug.cgi?id=1181751
x_refsource_MISC
https://git.kernel.org/pub/scm/network/connman/connman.gi...
x_refsource_CONFIRM
https://www.openwall.com/lists/oss-security/2021/02/08/2
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.