package/connman: fix CVE-2022-3229{2,3} (2f2b4c80) · Commits · Infra Solutions / Reference Design / platsw / buildroot · GitLab

Commit 2f2b4c80 authored Dec 08, 2022 by Fabrice Fontaine Committed by Yann E. MORIN Dec 10, 2022

package/connman: fix CVE-2022-3229{2,3}

Fix CVE-2022-32292: In ConnMan through 1.41, remote attackers able to
send HTTP requests to the gweb component are able to exploit a
heap-based buffer overflow in received_data to execute code.

Fix CVE-2022-32293: In ConnMan through 1.41, a man-in-the-middle attack
against a WISPR HTTP query could be used to trigger a use-after-free in
WISPR handling, leading to crashes or code execution.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

parent 583e06a4

Hide whitespace changes

Inline Side-by-side

Thomas Abraham @thomas.abraham
mentioned in commit d5162e79
· Sep 27, 2023

mentioned in commit d5162e79

mentioned in commit d5162e790d1cc2724caf6b918dbca00971c96ae9

Toggle commit list

Please register or to comment