Heap-based Buffer Overflow Vulnerability in ConnMan by Intel
CVE-2022-32292

9.8CRITICAL

Key Information:

Vendor: Intel
Status: Connman
Vendor: CVE Published:; 3 August 2022

What is CVE-2022-32292?

In versions of ConnMan up to 1.41, a vulnerability exists where remote attackers can exploit the gweb component by sending crafted HTTP requests. This leads to a heap-based buffer overflow in the received_data function, potentially allowing the execution of arbitrary code. The lack of adequate validation and handling of incoming data poses significant risks, necessitating prompt mitigative actions.

References

https://bugzilla.suse.com/show_bug.cgi?id=1200189

https://lore.kernel.org/connman/20220801080043.4861-5-wag...

https://www.debian.org/security/2022/dsa-5231

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 3, 2022
Vulnerability Reserved
Jun 5, 2022