CVE-2022-23098 — Vulnetix

CVE-2022-23098 PUBLISHED CVSS 7.5 HIGH

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.

EPSS 0.08% · 23.7th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.08%

23.7th percentile

Affected Products

Vendor	Product	Versions
intel	connman	0
debian	debian_linux	11.0, 9.0
n/a	n/a	n/a

Timeline

Jan 28, 2022 CVE Published
Feb 8, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 24, 2022 EPSS Score
Jul 16, 2022 EPSS Score
Sep 7, 2022 EPSS Score
Dec 20, 2022 EPSS Score
Feb 11, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 4, 2023 EPSS Score
May 26, 2023 EPSS Score
Jul 18, 2023 EPSS Score

References

https://git.kernel.org/pub/scm/network/connman/connman.git/log/ url
https://www.openwall.com/lists/oss-security/2022/01/25/1 url
[debian-lts-announce] 20220209 [SECURITY] [DLA 2915-1] connman security update mailing-list
DSA-5231 vendor-advisory
GLSA-202310-21 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-23098 advisory
https://git.kernel.org/pub/scm/network/connman/connman.git/log url

Open in Interactive Console →

$ Console Community · 100/wk Open console ›