Sensitive Stack Information Leak in ConnMan by Intel
CVE-2021-26676

6.5MEDIUM

Key Information:

Vendor
Intel
Status
Connman
Vendor
CVE Published:
9 February 2021

Summary

The gdhcp component in ConnMan before version 1.39 is susceptible to exploitation by network-adjacent attackers. This vulnerability allows attackers to leak sensitive stack information, potentially leading to further exploitation. By leveraging this information, attackers can target existing bugs within gdhcp, thereby amplifying the security risk. It is crucial for users of ConnMan to apply available patches and updates to mitigate this risk.

References

https://bugzilla.suse.com/show_bug.cgi?id=1181751
x_refsource_MISC
https://git.kernel.org/pub/scm/network/connman/connman.gi...
x_refsource_CONFIRM
https://www.openwall.com/lists/oss-security/2021/02/08/2
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.