PT-2012-1148 · Intel · Connman

Sebastian Krahmer · Published 2012-05-15 · Updated 2017-08-29 · CVE-2012-2322

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

ConnMan versions prior to 1.0
ConnMan versions prior to 0.85

Description

The issue is related to an integer overflow in the dhcpv6 get option function, which can cause a denial of service due to an infinite loop and crash. This can be triggered by remote attackers sending an invalid length value in a DHCP packet. Additionally, there are multiple vulnerabilities in the ConnMan package that can lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited remotely.
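
The following C example is added here for illustration; it is not ConnMan's code and does not come from the advisory. It assumes the standard DHCPv6 option layout (2-byte code, 2-byte length, then data) and shows how summing the header size and the length in 16 bits can wrap to a zero step, next to a walker that validates the length against the bytes remaining. The names `advance16` and `find_option` and the sample buffers are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPT_HDR 4u  /* 2-byte option code + 2-byte option length */

/* Fragile pattern (assumed for illustration): a 16-bit sum can wrap to a tiny step. */
static uint16_t advance16(uint16_t opt_len)
{
    return (uint16_t)(opt_len + OPT_HDR);
}

/* Hardened walker: returns 0 and sets *out / *out_len when `code` is found,
 * 1 when the options end cleanly without it, -1 on a malformed buffer. */
static int find_option(const uint8_t *buf, size_t len, uint16_t code,
                       const uint8_t **out, size_t *out_len)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < OPT_HDR)
            return -1;                      /* truncated option header */
        uint16_t c = (uint16_t)(buf[off] << 8 | buf[off + 1]);
        size_t   l = (size_t)(buf[off + 2] << 8 | buf[off + 3]);
        if (l > len - off - OPT_HDR)
            return -1;                      /* length runs past the packet */
        if (c == code) {
            *out = buf + off + OPT_HDR;
            *out_len = l;
            return 0;
        }
        off += OPT_HDR + l;                 /* size_t sum: always moves >= 4 */
    }
    return 1;
}

/* Constructed sample: option 1 (2 bytes of data), then option 3 (1 byte). */
static const uint8_t good[] = {0, 1, 0, 2, 0xAA, 0xBB, 0, 3, 0, 1, 0xCC};
/* Constructed sample: option 1 claims 0xFFFC bytes of data. */
static const uint8_t bad[]  = {0, 1, 0xFF, 0xFC, 0xAA, 0xBB, 0, 3, 0, 1, 0xCC};

int main(void)
{
    const uint8_t *p; size_t n;
    printf("16-bit step for 0xFFFC: %u\n", (unsigned)advance16(0xFFFC));
    printf("good: %d\n", find_option(good, sizeof good, 3, &p, &n));
    printf("bad:  %d\n", find_option(bad, sizeof bad, 3, &p, &n));
    return 0;
}
```

A step of zero leaves a loop parked on the same option forever, which matches the infinite-loop denial of service described above; the hardened walker rejects the packet instead.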

Recommendations

For versions prior to 0.85, update to version 0.85 or later to resolve the integer overflow issue. For versions prior to 1.0, update to version 1.0 or later to address the multiple vulnerabilities. As a temporary workaround, consider restricting access to the dhcpv6 get option function until a patch is available.

Fix

Weakness Enumeration

Related Identifiers

BDU:2015-09670
CVE-2012-2322

Affected Products

Connman