PT-2022-5938 · Connman+4 · Connman+4

Nathan Crandall

Published

2022-08-02

Updated

2024-06-15

CVE-2022-32292

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ConnMan versions 1.41 and earlier

Description The issue is related to a heap-based buffer overflow in the received data component of the gweb module in ConnMan. This can be exploited by remote attackers who can send HTTP requests to the gweb component, potentially allowing them to execute arbitrary code. The vulnerability is associated with a buffer overflow, which can lead to code execution.

Recommendations For ConnMan versions 1.41 and earlier, consider disabling the gweb component or restricting access to it until a patch is available. As a temporary workaround, avoid using the received data component in the gweb module to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2023-4820

ALT-PU-2023-5427

ALT-PU-2024-3980

BDU:2022-07360

CVE-2022-32292

DLA-3105-1

DSA-5231-1

MGASA-2022-0319

OPENSUSE-SU-2022:10076-1

OPENSUSE-SU-2022:10134-1

OPENSUSE-SU-2024:12221-1

USN-6236-1

ZDI-22-1187

Affected Products

Alt Linux

Astra Linux

Connman

Linuxmint

Ubuntu

PT-2022-5938 · Connman+4 · Connman+4

CVE-2022-32292

Weakness Enumeration

Related Identifiers

Affected Products

References · 49