863425 – (CVE-2022-32292, CVE-2022-32293) <net-misc/connman-1.42_pre20220801: multiple vulnerabilities

Bug 863425 (CVE-2022-32292, CVE-2022-32293) - <net-misc/connman-1.42_pre20220801: multiple vulnerabilities

Summary: <net-misc/connman-1.42_pre20220801: multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	CVE-2022-32292, CVE-2022-32293

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major
Assignee:	Gentoo Security

URL:
Whiteboard:	B1 [glsa+]
Keywords:

Depends on:
Blocks:

Reported:	2022-08-03 17:34 UTC by John Helmert III
Modified:	2023-10-31 06:27 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-08-03 17:34:52 UTC

CVE-2022-32292 (https://bugzilla.suse.com/show_bug.cgi?id=1200189):
https://lore.kernel.org/connman/20220801080043.4861-5-wagi@monom.org/

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

CVE-2022-32293 (https://lore.kernel.org/connman/20220801080043.4861-3-wagi@monom.org/):
https://lore.kernel.org/connman/20220801080043.4861-1-wagi@monom.org/
https://bugzilla.suse.com/show_bug.cgi?id=1200190

In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.

Patches upstream, but unreleased.

Comment 1 Larry the Git Cow gentoo-dev

2022-08-09 10:55:00 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1fe59ad759618bd9dfeefd69cf844cc377d78c1d

commit 1fe59ad759618bd9dfeefd69cf844cc377d78c1d
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2022-08-09 10:47:17 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2022-08-09 10:54:51 +0000

    net-misc/connman: add 1.42_pre20220801
    
    Bug: https://bugs.gentoo.org/863425
    
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-misc/connman/Manifest                        |   1 +
 net-misc/connman/connman-1.42_pre20220801.ebuild | 106 +++++++++++++++++++++++
 2 files changed, 107 insertions(+)

Comment 2 John Helmert III archtester

2022-08-10 04:41:42 UTC

Thanks Ben! Plese stabilize if you think it's appropriate; completely fine if not.

Comment 3 Larry the Git Cow gentoo-dev

2022-08-16 15:11:39 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f58f41039c03a297583f4dc86d1eee73c0bc9fc

commit 8f58f41039c03a297583f4dc86d1eee73c0bc9fc
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2022-08-16 15:09:25 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2022-08-16 15:10:09 +0000

    net-misc/connman: drop 1.41-r1
    
    Bug: https://bugs.gentoo.org/863425
    
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-misc/connman/Manifest               |   1 -
 net-misc/connman/connman-1.41-r1.ebuild | 103 --------------------------------
 2 files changed, 104 deletions(-)

Comment 4 Larry the Git Cow gentoo-dev

2023-10-31 06:25:53 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=31f2c2345585dd05f950ce51bc6b7227485938e0

commit 31f2c2345585dd05f950ce51bc6b7227485938e0
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-10-31 06:25:15 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-10-31 06:25:47 +0000

    [ GLSA 202310-21 ] ConnMan: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/832028
    Bug: https://bugs.gentoo.org/863425
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202310-21.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)