Upstream information
CVE-2022-23098 at MITRE
Description
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
CVSS v2 Scores
| National Vulnerability Database |
Base Score | 5 |
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Partial |
CVSS v3 Scores
| National Vulnerability Database | SUSE |
Base Score | 7.5 | 7.5 |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Attack Vector | Network | Network |
Attack Complexity | Low | Low |
Privileges Required | None | None |
User Interaction | None | None |
Scope | Unchanged | Unchanged |
Confidentiality Impact | None | None |
Integrity Impact | None | None |
Availability Impact | High | High |
CVSSv3 Version | 3.1 | 3.1 |
SUSE Bugzilla entry:
1194177 [RESOLVED / FIXED]
SUSE Security Advisories:
List of released packages
Product(s) | Fixed package version(s) | References |
SUSE Package Hub 15 SP3 | connman >= 1.41-bp153.2.3.1
connman-client >= 1.41-bp153.2.3.1
connman-devel >= 1.41-bp153.2.3.1
connman-doc >= 1.41-bp153.2.3.1
connman-nmcompat >= 1.41-bp153.2.3.1
connman-plugin-hh2serial-gps >= 1.41-bp153.2.3.1
connman-plugin-iospm >= 1.41-bp153.2.3.1
connman-plugin-l2tp >= 1.41-bp153.2.3.1
connman-plugin-openvpn >= 1.41-bp153.2.3.1
connman-plugin-polkit >= 1.41-bp153.2.3.1
connman-plugin-pptp >= 1.41-bp153.2.3.1
connman-plugin-tist >= 1.41-bp153.2.3.1
connman-plugin-vpnc >= 1.41-bp153.2.3.1
connman-plugin-wireguard >= 1.41-bp153.2.3.1
connman-test >= 1.41-bp153.2.3.1
| Patchnames: openSUSE-2022-56 |
openSUSE Leap 15.3 | connman >= 1.41-bp153.2.3.1
connman-client >= 1.41-bp153.2.3.1
connman-devel >= 1.41-bp153.2.3.1
connman-doc >= 1.41-bp153.2.3.1
connman-nmcompat >= 1.41-bp153.2.3.1
connman-plugin-hh2serial-gps >= 1.41-bp153.2.3.1
connman-plugin-iospm >= 1.41-bp153.2.3.1
connman-plugin-l2tp >= 1.41-bp153.2.3.1
connman-plugin-openvpn >= 1.41-bp153.2.3.1
connman-plugin-polkit >= 1.41-bp153.2.3.1
connman-plugin-pptp >= 1.41-bp153.2.3.1
connman-plugin-tist >= 1.41-bp153.2.3.1
connman-plugin-vpnc >= 1.41-bp153.2.3.1
connman-plugin-wireguard >= 1.41-bp153.2.3.1
connman-test >= 1.41-bp153.2.3.1
| Patchnames: openSUSE-2022-56 |
openSUSE Tumbleweed | connman >= 1.41-1.1
connman-client >= 1.41-1.1
connman-devel >= 1.41-1.1
connman-doc >= 1.41-1.1
connman-nmcompat >= 1.41-1.1
connman-plugin-hh2serial-gps >= 1.41-1.1
connman-plugin-iospm >= 1.41-1.1
connman-plugin-l2tp >= 1.41-1.1
connman-plugin-openconnect >= 1.41-1.1
connman-plugin-openvpn >= 1.41-1.1
connman-plugin-polkit >= 1.41-1.1
connman-plugin-pptp >= 1.41-1.1
connman-plugin-tist >= 1.41-1.1
connman-plugin-vpnc >= 1.41-1.1
connman-plugin-wireguard >= 1.41-1.1
connman-test >= 1.41-1.1
| Patchnames: openSUSE-Tumbleweed-2024-11792 |
SUSE Timeline for this CVE
CVE page created: Thu Dec 30 13:00:20 2021
CVE page last modified: Tue Sep 3 19:25:07 2024