Ubuntu Security Update USN-6236-1: ConnMan vulnerabilities

LinuxBot

LinuxBot

Member
Joined
Apr 25, 2017
Messages
5,930
Reaction score
75
Credits
-1,257
It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-26675, CVE-2021-33833) It was discovered that ConnMan could be made to leak sensitive information via the gdhcp component. A remote attacker could possibly use this issue to obtain information for further exploitation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-26676) It was discovered that ConnMan could be made to read out of bounds. A remote attacker could possibly use this issue to case ConnMan to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-23096, CVE-2022-23097) It was discovered that ConnMan could be made to run into an infinite loop. A remote attacker could possibly use this issue to cause ConnMan to consume resources and to stop operating, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-23098) It was discovered that ConnMan could be made to write out of bounds via the gweb component. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-32292) It was discovered that ConnMan did not properly manage memory under certain circumstances. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-32293) It was discovered that ConnMan could be made to write out of bounds via the gdhcp component. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-28488)

Continue reading...
 
You must log in or register to reply here.

Similar threads

LinuxBot
Ubuntu Security Update USN-8268-1: Dnsmasq vulnerabilities
Replies
0
Views
122
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8269-1: Avahi vulnerabilities
Replies
0
Views
136
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8147-1: libarchive vulnerabilities
Replies
0
Views
208
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8202-1: jq vulnerabilities
Replies
0
Views
155
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8337-1: QtSvg vulnerabilities
Replies
0
Views
72
LinuxBot
LinuxBot


Follow Linux.org

Members online

Total: 3,416 (members: 4, guests: 3,412)

Latest posts

Top