Source: connman
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for connman.

CVE-2022-32292[0]:
| In ConnMan through 1.41, remote attackers able to send HTTP requests
| to the gweb component are able to exploit a heap-based buffer overflow
| in received_data to execute code.

https://lore.kernel.org/connman/20220801080043.4861-5-w...@monom.org/
https://bugzilla.suse.com/show_bug.cgi?id=1200189

CVE-2022-32293[1]:
| In ConnMan through 1.41, a man-in-the-middle attack against a WISPR
| HTTP query could be used to trigger a use-after-free in WISPR
| handling, leading to crashes or code execution.

https://lore.kernel.org/connman/20220801080043.4861-1-w...@monom.org/
https://lore.kernel.org/connman/20220801080043.4861-3-w...@monom.org/
https://bugzilla.suse.com/show_bug.cgi?id=1200190

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-32292
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32292
[1] https://security-tracker.debian.org/tracker/CVE-2022-32293
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32293

Please adjust the affected versions in the BTS as needed.