CVE-2022-32293

2022-08-0300:00:00

ubuntu.com

connman

wispr

http

use-after-free

code execution

unix

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.4%

JSON

In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP
query could be used to trigger a use-after-free in WISPR handling, leading
to crashes or code execution.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchconnman< 1.35-6ubuntu0.1~esm1UNKNOWN
ubuntu20.04noarchconnman< 1.36-2ubuntu0.1UNKNOWN
ubuntu22.04noarchconnman< 1.36-2.3ubuntu0.1UNKNOWN
ubuntu16.04noarchconnman< 1.21-1.2+deb8u1ubuntu0.1~esm1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	connman	< 1.35-6ubuntu0.1~esm1	UNKNOWN
ubuntu	20.04	noarch	connman	< 1.36-2ubuntu0.1	UNKNOWN
ubuntu	22.04	noarch	connman	< 1.36-2.3ubuntu0.1	UNKNOWN
ubuntu	16.04	noarch	connman	< 1.21-1.2+deb8u1ubuntu0.1~esm1	UNKNOWN