Vulnerabilities > Intel > Connman > 1.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-12 | CVE-2023-28488 | Out-of-bounds Write vulnerability in Intel Connman client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process. | 6.5 |
| 2022-08-03 | CVE-2022-32292 | Out-of-bounds Write vulnerability in multiple products In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. | 9.8 |
| 2022-08-03 | CVE-2022-32293 | Use After Free vulnerability in multiple products In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. | 8.1 |
| 2022-01-28 | CVE-2022-23096 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in the DNS proxy in Connman through 1.40. | 9.1 |
| 2022-01-28 | CVE-2022-23097 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in the DNS proxy in Connman through 1.40. | 9.1 |
| 2022-01-28 | CVE-2022-23098 | Infinite Loop vulnerability in multiple products An issue was discovered in the DNS proxy in Connman through 1.40. | 7.5 |
| 2021-02-09 | CVE-2021-26676 | gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. | 3.3 |
| 2021-02-09 | CVE-2021-26675 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. | 5.8 |
| 2017-08-29 | CVE-2017-12865 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable. | 7.5 |
| 2013-01-01 | CVE-2012-6459 | Information Exposure vulnerability in Intel Connman 1.3 ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets. | 4.3 |