CVE-2022-32292 — Vulnetix

CVE-2022-32292 PUBLISHED CVSS 9.800000190734863 CRITICAL

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

EPSS 1.94% · 83.8th percentile

Risk Scores

CVSS 3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.94%

83.8th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	*
intel	connman	0
debian	debian_linux	11.0

Exploit Intelligence

https://bugzilla.suse.com/show_bug.cgi?id=1200189 (circl)
https://lore.kernel.org/connman/20220801080043.4861-5-wagi%40monom.org/ (circl)
DSA-5231 (circl)
GLSA-202310-21 (circl)

Timeline

Aug 2, 2022 CVE Published
Aug 4, 2022 EPSS Score
Aug 10, 2022 EPSS Score
Sep 20, 2022 EPSS Score
Nov 5, 2022 EPSS Score
Feb 6, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 9, 2023 EPSS Score
Jun 25, 2023 EPSS Score
Sep 25, 2023 EPSS Score
Nov 11, 2023 EPSS Score
Dec 27, 2023 EPSS Score

References

https://bugzilla.suse.com/show_bug.cgi?id=1200189 url
https://lore.kernel.org/connman/20220801080043.4861-5-wagi%40monom.org/ url
DSA-5231 vendor-advisory
GLSA-202310-21 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-32292 advisory
https://lore.kernel.org/connman/20220801080043.4861-5-wagi%40monom.org url
https://lore.kernel.org/connman/20220801080043.4861-5-wagi@monom.org url

Open in Interactive Console →