Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 832028 (CVE-2022-23096, CVE-2022-23097, CVE-2022-23098) - <net-misc/connman-1.40_p20220125: invalid memory read accesses
Summary: <net-misc/connman-1.40_p20220125: invalid memory read accesses
Status: IN_PROGRESS
Alias: CVE-2022-23096, CVE-2022-23097, CVE-2022-23098
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://seclists.org/oss-sec/2022/q1/70
Whiteboard: B3 [glsa?]
Keywords:
Depends on: 834545
Blocks:
  Show dependency tree
 
Reported: 2022-01-25 10:04 UTC by filip ambroz
Modified: 2022-08-15 02:32 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description filip ambroz 2022-01-25 10:04:08 UTC
Couple of invalid memory read accesses have been found, that could possibly lead to remote DoS, remote information leaks or otherwise undefined behaviour. Furthermore, a way to trigger a 100 % CPU loop has been found.

Patches:
https://git.kernel.org/pub/scm/network/connman/connman.git
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-26 01:58:13 UTC
1) Possibly invalid memory reference in `strnlen()` call in `forward_dns_reply()` (CVE-2022-23097)
2) TCP Receive Path does not Check for Presence of Sufficient Header Data (CVE-2022-23096)
3) TCP Receive Path Triggers 100 % CPU loop if DNS server does not Send Back Data (CVE-2022-23098)
4) TCP DNS Operation is Broken due to Bad TCP Length Header
Comment 2 Larry the Git Cow gentoo-dev 2022-01-27 12:44:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb0947ef5f77d8cb7e3e6599f9f1d791f70fef6f

commit cb0947ef5f77d8cb7e3e6599f9f1d791f70fef6f
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2022-01-27 12:43:13 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2022-01-27 12:44:19 +0000

    net-misc/connman: snapshot for security fixes
    
    Bug: https://bugs.gentoo.org/832028
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-misc/connman/Manifest                      |   1 +
 net-misc/connman/connman-1.40_p20220125.ebuild | 105 +++++++++++++++++++++++++
 2 files changed, 106 insertions(+)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-12 22:22:42 UTC
Please cleanup