Lucene search

[email protected]CVE-2023-28488

HistoryApr 12, 2023 - 4:15 p.m.

CVE-2023-28488

2023-04-1216:15:19

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-28488

gdhcp

connman

network security

buffer overflow

denial of service

nvd

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.8%

JSON

client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process.

Affected configurations

NVD

Node

intelconnmanRange0.55–1.41

CPENameOperatorVersion
intel:connmanintel connmanle1.41

CPE	Name	Operator	Version
intel:connman	intel connman	le	1.41

References

github.com/moehw/poc_exploits/tree/master/CVE-2023-28488

kernel.googlesource.com/pub/scm/network/connman/connman/+/99e2c16ea1cced34a5dc450d76287a1c3e762138

lists.debian.org/debian-lts-announce/2023/04/msg00024.html

www.debian.org/security/2023/dsa-5416

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.8%

JSON

Related for CVE-2023-28488

mageia1 nessus5 prion1 openvas6 veracode1 debian2 debiancve1 cvelist1 alpinelinux1 osv3 nvd1 ubuntucve1 ubuntu1