Benedikt Schmotzle

**Name of the Vulnerable Software and Affected Versions** ConnMan versions prior to 1.39 **Description** A stack-based buffer overflow in the dnsproxy component of ConnMan could be used by network adjacent attackers to execute code. This issue allows a remote attacker to potentially execute arbitrary code. **Recommendations** For versions prior to 1.39, update to version 1.39 or later to resolve the issue. As a temporary workaround, consider restricting access to the dnsproxy component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ConnMan versions prior to 1.39 **Description** The issue is related to a memory release error in the gdhcp component of ConnMan, which could be exploited by network-adjacent attackers to leak sensitive stack information. This leak could potentially allow for further exploitation of bugs in gdhcp. **Recommendations** For versions prior to 1.39, update to version 1.39 or later to resolve the issue. As a temporary workaround, consider restricting network access to minimize the risk of exploitation by network-adjacent attackers.