Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 832028 (CVE-2022-23096, CVE-2022-23097, CVE-2022-23098) - <net-misc/connman-1.40_p20220125: invalid memory read accesses
Summary: <net-misc/connman-1.40_p20220125: invalid memory read accesses
Alias: CVE-2022-23096, CVE-2022-23097, CVE-2022-23098
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa+]
Depends on: 834545
  Show dependency tree
Reported: 2022-01-25 10:04 UTC by filip ambroz
Modified: 2023-10-31 06:27 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description filip ambroz 2022-01-25 10:04:08 UTC
Couple of invalid memory read accesses have been found, that could possibly lead to remote DoS, remote information leaks or otherwise undefined behaviour. Furthermore, a way to trigger a 100 % CPU loop has been found.

Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-26 01:58:13 UTC
1) Possibly invalid memory reference in `strnlen()` call in `forward_dns_reply()` (CVE-2022-23097)
2) TCP Receive Path does not Check for Presence of Sufficient Header Data (CVE-2022-23096)
3) TCP Receive Path Triggers 100 % CPU loop if DNS server does not Send Back Data (CVE-2022-23098)
4) TCP DNS Operation is Broken due to Bad TCP Length Header
Comment 2 Larry the Git Cow gentoo-dev 2022-01-27 12:44:25 UTC
The bug has been referenced in the following commit(s):

commit cb0947ef5f77d8cb7e3e6599f9f1d791f70fef6f
Author:     Ben Kohler <>
AuthorDate: 2022-01-27 12:43:13 +0000
Commit:     Ben Kohler <>
CommitDate: 2022-01-27 12:44:19 +0000

    net-misc/connman: snapshot for security fixes
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Ben Kohler <>

 net-misc/connman/Manifest                      |   1 +
 net-misc/connman/connman-1.40_p20220125.ebuild | 105 +++++++++++++++++++++++++
 2 files changed, 106 insertions(+)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-12 22:22:42 UTC
Please cleanup
Comment 4 Larry the Git Cow gentoo-dev 2023-10-31 06:25:54 UTC
The bug has been referenced in the following commit(s):

commit 31f2c2345585dd05f950ce51bc6b7227485938e0
Author:     GLSAMaker <>
AuthorDate: 2023-10-31 06:25:15 +0000
Commit:     Hans de Graaff <>
CommitDate: 2023-10-31 06:25:47 +0000

    [ GLSA 202310-21 ] ConnMan: Multiple Vulnerabilities
    Signed-off-by: GLSAMaker <>
    Signed-off-by: Hans de Graaff <>

 glsa-202310-21.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)