5.8 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
61.1%
Severity: Critical
Date : 2021-02-12
CVE-ID : CVE-2021-26675 CVE-2021-26676
Package : connman
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1543
The package connman before version 1.39-1 is vulnerable to multiple
issues including arbitrary code execution and information disclosure.
Upgrade to 1.39-1.
The problems have been fixed upstream in version 1.39.
None.
A security issue was found in connman 1.38. A stack buffer overflow can
be used to execute code by network adjacent attackers.
A security issue was found in connman 1.38. A stack information leak
from an uninitialised variable can lead to information disclosure to a
remote attacker. This information can be used to help exploiting
CVE-2021-26675 reliably.
A network adjacent attacker can execute arbitrary code on the affected
host.
https://bugs.archlinux.org/task/69583
https://www.openwall.com/lists/oss-security/2021/02/08/2
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1
https://security.archlinux.org/CVE-2021-26675
https://security.archlinux.org/CVE-2021-26676
bugs.archlinux.org/task/69583
git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa
git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1
git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb
security.archlinux.org/AVG-1543
security.archlinux.org/CVE-2021-26675
security.archlinux.org/CVE-2021-26676
www.openwall.com/lists/oss-security/2021/02/08/2
5.8 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
61.1%