Vulnerability CVE-2017-12865


Published: 2017-08-29

Description:
Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Debian -> Debian linux 
Connman project -> Connman 

 References:
http://www.debian.org/security/2017/dsa-3956
http://www.securityfocus.com/bid/100498
https://01.org/security/intel-oss-10001/intel-oss-10001
https://bugzilla.redhat.com/show_bug.cgi?id=1483720
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71
https://security.gentoo.org/glsa/201812-02
https://www.nri-secure.com/blog/new-iot-vulnerability-connmando

Copyright 2024, cxsecurity.com

 

Back to Top