Vulnerability CVE-2022-32292: Information

Description

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-32292

Published: Aug. 3, 2022

Modified: Dec. 21, 2023

Error type identifier: CWE-787

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
connman	sisyphus	1.42-alt1	1.42-alt1	ALT-PU-2023-4820-2	326443	Fixed
connman	sisyphus_e2k	1.42-alt1	1.42-alt1	ALT-PU-2023-7996-1	-	Fixed
connman	p10	1.42-alt1	1.42-alt1	ALT-PU-2023-5427-3	328628	Fixed
connman	p10_e2k	1.42-alt1	1.42-alt1	ALT-PU-2023-5774-1	-	Fixed
connman	c10f1	1.42-alt1	1.42-alt1	ALT-PU-2024-3980-2	342713	Fixed
connman	p11	1.42-alt1	1.42-alt1	ALT-PU-2023-4820-2	326443	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://bugzilla.suse.com/show_bug.cgi?id=1200189	Issue Tracking Third Party Advisory
DSA-5231	Third Party Advisory
GLSA-202310-21	Third Party Advisory
https://lore.kernel.org/connman/20220801080043.4861-5-wagi%40monom.org/	Patch

Affected configurations:
1. Configuration 1
  cpe:2.3:a:intel:connman:*:*:*:*:*:*:*:*
  End including
  1.41
  
  Configuration 2
  cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2022-32292: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2