Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 863425 (CVE-2022-32292, CVE-2022-32293)

Summary: <net-misc/connman-1.42_pre20220801: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: major CC: bkohler
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B1 [glsa?]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-03 17:34:52 UTC 
CVE-2022-32292 (https://bugzilla.suse.com/show_bug.cgi?id=1200189):
https://lore.kernel.org/connman/20220801080043.4861-5-wagi@monom.org/

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

CVE-2022-32293 (https://lore.kernel.org/connman/20220801080043.4861-3-wagi@monom.org/):
https://lore.kernel.org/connman/20220801080043.4861-1-wagi@monom.org/
https://bugzilla.suse.com/show_bug.cgi?id=1200190

In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.

Patches upstream, but unreleased.
Comment 1 Larry the Git Cow gentoo-dev 2022-08-09 10:55:00 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1fe59ad759618bd9dfeefd69cf844cc377d78c1d

commit 1fe59ad759618bd9dfeefd69cf844cc377d78c1d
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2022-08-09 10:47:17 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2022-08-09 10:54:51 +0000

    net-misc/connman: add 1.42_pre20220801
    
    Bug: https://bugs.gentoo.org/863425
    
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-misc/connman/Manifest                        |   1 +
 net-misc/connman/connman-1.42_pre20220801.ebuild | 106 +++++++++++++++++++++++
 2 files changed, 107 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-10 04:41:42 UTC 
Thanks Ben! Plese stabilize if you think it's appropriate; completely fine if not.
Comment 3 Larry the Git Cow gentoo-dev 2022-08-16 15:11:39 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f58f41039c03a297583f4dc86d1eee73c0bc9fc

commit 8f58f41039c03a297583f4dc86d1eee73c0bc9fc
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2022-08-16 15:09:25 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2022-08-16 15:10:09 +0000

    net-misc/connman: drop 1.41-r1
    
    Bug: https://bugs.gentoo.org/863425
    
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-misc/connman/Manifest               |   1 -
 net-misc/connman/connman-1.41-r1.ebuild | 103 --------------------------------
 2 files changed, 104 deletions(-)