This page lists publicly disclosed CVE vulnerabilities affecting intel connman (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-28488 | client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process. | [email protected] | 6.5 | 0.05% | 2023-04-12 | 2025-02-08 |
| CVE-2022-32293 | In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. | [email protected] | 8.1 | 0.39% | 2022-08-03 | 2024-11-21 |
| CVE-2022-32292 | In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. | [email protected] | 9.8 | 1.94% | 2022-08-03 | 2024-11-21 |
| CVE-2022-23098 | An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. | [email protected] | 7.5 | 0.08% | 2022-01-28 | 2024-11-21 |
| CVE-2022-23097 | An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. | [email protected] | 9.1 | 0.09% | 2022-01-28 | 2024-11-21 |
| CVE-2022-23096 | An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. | [email protected] | 9.1 | 0.08% | 2022-01-28 | 2024-11-21 |
| CVE-2021-26676 | gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. | [email protected] | 6.5 | 0.10% | 2021-02-09 | 2024-11-21 |
| CVE-2021-26675 | A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. | [email protected] | 8.8 | 0.19% | 2021-02-09 | 2024-11-21 |
| CVE-2017-12865 | Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable. | [email protected] | 9.8 | 5.02% | 2017-08-29 | 2026-05-13 |
| CVE-2012-6459 | ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets. | [email protected] | 4.3 | 0.26% | 2013-01-01 | 2026-04-29 |