Source: connman
Version: 1.36-2.3
Severity: grave
Tags: security upstream
Forwarded: https://lore.kernel.org/connman/20220125090026.5108-1-w...@monom.org/
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1.36-2.2
Control: found -1 1.36-2.1~deb10u1
Control: found -1 1.36-2.1~deb10u2

Hi,

The following vulnerabilities were published for connman.

CVE-2022-23096[0]:
| An issue was discovered in the DNS proxy in Connman through 1.40. The
| TCP server reply implementation lacks a check for the presence of
| sufficient Header Data, leading to an out-of-bounds read.

CVE-2022-23097[1]:
| An issue was discovered in the DNS proxy in Connman through 1.40.
| forward_dns_reply mishandles a strnlen call, leading to an out-of-
| bounds read.

CVE-2022-23098[2]:
| An issue was discovered in the DNS proxy in Connman through 1.40. The
| TCP server reply implementation has an infinite loop if no data is
| received.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-23096
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23096
[1] https://security-tracker.debian.org/tracker/CVE-2022-23097
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23097
[2] https://security-tracker.debian.org/tracker/CVE-2022-23098
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23098

Regards,
Salvatore
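
The missing header check (CVE-2022-23096) and the no-data loop (CVE-2022-23098) described in the report above, shown as an added C example of the defensive pattern. It is not ConnMan's code or the upstream fix; the function names, constants and the assumption of a blocking descriptor are this example's own.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <unistd.h>

#define TCP_PREFIX_LEN 2   /* DNS over TCP: two-byte big-endian length prefix */
#define DNS_HDR_LEN    12  /* fixed DNS header size (RFC 1035) */

enum reply_status { REPLY_OK = 0, REPLY_NEED_MORE = 1, REPLY_INVALID = -1 };

/* Decide whether buf[0..have) holds a complete reply whose header may be
 * read. No header field is touched before the length checks pass. */
enum reply_status check_tcp_reply(const uint8_t *buf, size_t have,
                                  size_t *msg_len)
{
    size_t declared;

    if (have < TCP_PREFIX_LEN)
        return REPLY_NEED_MORE;
    declared = ((size_t)buf[0] << 8) | buf[1];
    if (declared < DNS_HDR_LEN)
        return REPLY_INVALID;      /* too short to contain a DNS header */
    if (have < TCP_PREFIX_LEN + declared)
        return REPLY_NEED_MORE;
    *msg_len = declared;
    return REPLY_OK;
}

/* Read one reply from a blocking fd into buf. Returns the bytes buffered,
 * or -1 on error, malformed length, or end of stream before completion. */
long read_tcp_reply(int fd, uint8_t *buf, size_t cap, size_t *msg_len)
{
    size_t have = 0;

    while (have < cap) {
        ssize_t n = read(fd, buf + have, cap - have);
        enum reply_status st;

        if (n < 0 && errno == EINTR)
            continue;              /* interrupted, retry */
        if (n <= 0)
            return -1;             /* error or no data: stop, never spin */
        have += (size_t)n;
        st = check_tcp_reply(buf, have, msg_len);
        if (st != REPLY_NEED_MORE)
            return st == REPLY_OK ? (long)have : -1;
    }
    return -1;                     /* reply does not fit in the buffer */
}
```

A zero-byte read ends the loop instead of being retried, and a declared length below 12 is rejected before any header field is dereferenced.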