Vulnerabilities > CVE-2021-26675 - Out-of-bounds Write vulnerability in multiple products
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugzilla.suse.com/show_bug.cgi?id=1181751
- https://bugzilla.suse.com/show_bug.cgi?id=1181751
- https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb
- https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb
- https://git.kernel.org/pub/scm/network/connman/connman.git/tree/ChangeLog
- https://git.kernel.org/pub/scm/network/connman/connman.git/tree/ChangeLog
- https://kunnamon.io/tbone/
- https://kunnamon.io/tbone/
- https://lists.debian.org/debian-lts-announce/2021/02/msg00013.html
- https://lists.debian.org/debian-lts-announce/2021/02/msg00013.html
- https://security.gentoo.org/glsa/202107-29
- https://security.gentoo.org/glsa/202107-29
- https://www.debian.org/security/2021/dsa-4847
- https://www.debian.org/security/2021/dsa-4847
- https://www.openwall.com/lists/oss-security/2021/02/08/2
- https://www.openwall.com/lists/oss-security/2021/02/08/2