| CVE ID | CVE-2022-32292 |
| CVSS SCORE | 6.3, AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| AFFECTED VENDORS | ConnMan |
| AFFECTED PRODUCTS | ConnMan |
| VULNERABILITY DETAILS | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ConnMan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the received_data method. Crafted data in an HTTP response can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the ConnMan process. This vulnerability was demonstrated on a Tesla Model 3 during the Pwn2Own 2022 Vancouver competition. |
| ADDITIONAL DETAILS | ConnMan has issued an update to correct this vulnerability. More details can be found at: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d1a5ede5d255bde8ef707f8441b997563b9312bd |
| DISCLOSURE TIMELINE | |
| CREDIT | David BERARD and Vincent DEHORS from @Synacktiv |