Buffer Overflow Vulnerability in ConnMan from Vendor Impacting Network Services
CVE-2023-28488

6.5MEDIUM

Key Information:

Vendor: Intel
Status: Connman
Vendor: CVE Published:; 12 April 2023

Summary

The vulnerability in ConnMan's client.c file allows network-adjacent attackers operating a malicious DHCP server to exploit a stack-based buffer overflow. This exploitation can lead to a denial of service by terminating the ConnMan process, disrupting network services for connected devices. The issue affects versions of ConnMan prior to 1.41, highlighting the importance of keeping network service software updated and properly configured to mitigate potential attacks.

References

https://kernel.googlesource.com/pub/scm/network/connman/c...

https://github.com/moehw/poc_exploits/tree/master/CVE-202...

https://lists.debian.org/debian-lts-announce/2023/04/msg0...

mailing-list

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 12, 2023
Vulnerability Reserved
Mar 16, 2023