
CVE-2022-23098: connman/connman.git - Connection Manager

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.


| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 12 days | wispr: Simplify the IP version check (HEAD, master) | Daniel Wagner | 1 | -5/+1 |
| 12 days | wispr: Fix context refcounting in wispr_portal_request_portal() | Daniel Wagner | 1 | -5/+5 |
| 12 days | service: Track online check for IPv4 and IPv6 separately | Daniel Wagner | 1 | -12/+27 |
| 2022-08-28 | ipconfig: Don’t add invalid gateway routes | Daniel Wagner | 1 | -1/+1 |
| 2022-08-28 | wisrp: Handle wispr_portal_detect failures | Daniel Wagner | 1 | -24/+32 |
| 2022-08-28 | resolver: Add path to resolv.conf to config options | Jakub Jirutka | 3 | -7/+48 |
| 2022-08-01 | AUTHORS: Mention Nathan’s contributions | Daniel Wagner | 1 | -0/+1 |
| 2022-08-01 | gweb: Fix OOB write in received_data() | Nathan Crandall | 1 | -1/+1 |
| 2022-08-01 | wispr: Update portal context references | Daniel Wagner | 1 | -12/+22 |
| 2022-08-01 | wispr: Add reference counter to portal context | Daniel Wagner | 1 | -10/+42 |
| 2022-08-01 | wispr: Ignore NULL proxy | Daniel Wagner | 1 | -1/+1 |
| 2022-08-01 | wispr: Rename wispr_portal_list to wispr_portal_hash | Daniel Wagner | 1 | -11/+11 |
| 2022-05-25 | wispr: Prevent use-after-free from __connman_wispr_stop() | Seung-Woo Kim | 1 | -11/+5 |
| 2022-05-25 | doc: Add note SingleConnectedTechnology can’t be used with VPN | Daniel Wagner | 1 | -1/+2 |
| 2022-05-16 | service: Add “Ethernet” property for VPN into n.c.Manager GetServices | Jakub Jirutka | 1 | -1/+1 |
| 2022-05-16 | clock: fix time update transition auto->manual | Ryan Smith | 1 | -6/+3 |
| 2022-04-14 | wispr: Fix online check when using WPAD/PAC | Ryan Smith | 1 | -6/+30 |
| 2022-04-14 | dhcp: Set proxy properly when applying DHCP lease | Ryan Smith | 1 | -2/+1 |
| 2022-04-14 | gdhcp: fix server address byte order | Ryan Smith | 1 | -1/+1 |
| 2022-04-14 | iwd: Fix connection with invalid passphrase format | Emmanuel VAUTRIN | 1 | -1/+3 |
| 2022-04-08 | AUTHORS: Mention Daniel’s contributions | Daniel Wagner | 1 | -0/+1 |
| 2022-04-08 | vpn: Replace hardcoded paths with RUNSTATEDIR | Daniel Linjama | 2 | -3/+3 |
| 2022-04-08 | build: Support configurable run dir with RUNSTATEDIR | Daniel Linjama | 2 | -0/+3 |
| 2022-04-08 | ofono: Do not change regdom when it follows timezone | Jussi Laakkonen | 1 | -0/+5 |
| 2022-04-08 | timezone: Change regdom along timezone, use localtime config | Jussi Laakkonen | 1 | -5/+100 |
| 2022-04-08 | main: Add RegdomFollowsTimezone option for regdom changes | Jussi Laakkonen | 2 | -0/+19 |
| 2022-04-08 | main: Add path to localtime to config options. | Jussi Laakkonen | 2 | -0/+22 |
| 2022-04-08 | timeserver: include the reason why a timeserver sync is requested | Nicky Geerts | 4 | -7/+35 |
| 2022-03-07 | timeserver: refresh the nameservers before each lookup | Nicky Geerts | 1 | -41/+46 |
| 2022-03-04 | iwd: Forget network on service removal | Emmanuel VAUTRIN | 5 | -0/+58 |
| 2022-03-04 | dnsproxy: add standalone test version of dnsproxy and a test script for it | Matthias Gerstner | 4 | -1/+284 |
| 2022-02-27 | service: Check if hidden service has a pending request on agent | Jussi Laakkonen | 1 | -1/+4 |
| 2022-02-27 | agent: Add support to check for active pending requests | Jussi Laakkonen | 4 | -0/+39 |
| 2022-02-27 | AUTHORS: Mention Sebastian’s contributions | Daniel Wagner | 1 | -0/+1 |
| 2022-02-27 | vpn/vpn-polkit.policy: Replace unsupported “auth_*_keep_session” by "auth_*_k… | Sebastian Pipping | 1 | -2/+2 |
| 2022-02-27 | iwd: Fix disabling tethering not working for brcmfmac | Jonathan Liu | 1 | -5/+4 |
| 2022-02-27 | main: Set default online check URL also when no config provided | Daniel Wagner | 1 | -2/+8 |
| 2022-02-21 | dnsproxy-test: support command line specification of dnsproxy port | Matthias Gerstner | 1 | -2/+9 |
| 2022-02-21 | dnsproxy: support programmatic configuration of the default listen port | Matthias Gerstner | 2 | -2/+9 |
| 2022-02-21 | .gitignore: also ignore emacs backup files | Matthias Gerstner | 1 | -0/+1 |
| 2022-02-21 | dnsproxy: protocol_offset: remove error return case and return size_t | Matthias Gerstner | 1 | -27/+14 |
| 2022-02-21 | dnsproxy: remove unnecessarily shadowed variable | Matthias Gerstner | 1 | -1/+1 |
| 2022-02-21 | dnsproxy: remove unused domain parameter from `remove_server()` | Matthias Gerstner | 1 | -4/+3 |
| 2022-02-21 | iwd: Use same signal strength calculation as wpa_supplicant | Jonathan Liu | 1 | -1/+3 |
| 2022-02-21 | iwd: Fix typo in warning message when enabling AccessPoint mode | Jonathan Liu | 1 | -1/+1 |
| 2022-02-21 | wifi: Duplicate GSupplicantSSID pointer members | Niel Fourie | 2 | -39/+83 |
| 2022-01-28 | Release 1.41 (1.41) | Marcel Holtmann | 2 | -1/+9 |
| 2022-01-25 | unit: Fix missing declarations in test-iptables | Emmanuel VAUTRIN | 1 | -2/+2 |
| 2022-01-25 | AUTHORS: Add Matthias’ contributions | Daniel Wagner | 1 | -0/+1 |
| 2022-01-25 | dnsproxy: Keep timeout in TCP case even after connection is established | Matthias Gerstner | 1 | -5/+0 |
| 2022-01-25 | dnsproxy: Avoid 100 % busy loop in TCP server case | Matthias Gerstner | 1 | -0/+12 |
| 2022-01-25 | dnsproxy: Validate input data before using them | Daniel Wagner | 1 | -5/+26 |
| 2022-01-25 | dnsproxy: Update TCP length header | Matthias Gerstner | 1 | -0/+3 |
| 2022-01-25 | main: Use g_strdup for online_check_ipv{4,6}_url config | Daniel Wagner | 1 | -2/+9 |
| 2022-01-23 | service: Fix native connection with wrong passphrase | Emmanuel VAUTRIN | 1 | -0/+9 |
| 2022-01-21 | iwd: Mark only reachable networks as available | Emmanuel VAUTRIN | 1 | -1/+3 |
| 2022-01-21 | iwd: Fix connection with no passphrase | Emmanuel VAUTRIN | 1 | -0/+2 |
| 2022-01-21 | iwd: Fix station in scan callback | VAUTRIN Emmanuel (Canal Plus Prestataire) | 1 | -1/+1 |
| 2021-12-19 | AUTHORS: Mention Christian’s contributions | Daniel Wagner | 1 | -0/+1 |
| 2021-12-19 | ipconfig: Do not enable/disable ipv6 for all ifs | Christian Taedcke | 1 | -0/+6 |
| 2021-12-19 | Add ObjectManager interface to connman | Michael Trimarchi | 1 | -1/+1 |
| 2021-11-18 | service: Support hot-plug of technologies by updating ipconfig index | Jussi Laakkonen | 1 | -2/+15 |
| 2021-11-18 | openvpn: Improve configuration value processing | Jussi Laakkonen | 1 | -44/+76 |
| 2021-11-18 | vpn-provider: Support checking if provider setting key exists. | Jussi Laakkonen | 2 | -0/+8 |
| 2021-10-26 | tether: Fix connman_technology_get_wifi_tethering | Michael Trimarchi | 1 | -2/+6 |
| 2021-10-20 | dnsproxy: Fix uninitialized false positive in dnsproxy | Emmanuel VAUTRIN | 1 | -1/+1 |
| 2021-10-20 | tools: Fix uninitialized errors in iptables tests | Emmanuel VAUTRIN | 2 | -2/+2 |
| 2021-10-20 | config: Cleanup of iwd provision_service_wifi() | Emmanuel VAUTRIN | 1 | -4/+2 |
| 2021-10-15 | gsupplicant: Fix error return type | Daniel Wagner | 1 | -2/+2 |
| 2021-10-15 | inet: Remove unused ipv6_addr_advert_mult | Daniel Wagner | 1 | -7/+0 |
| 2021-10-15 | build: Only enable -Wcast-align for gcc | Daniel Wagner | 1 | -1/+3 |
| 2021-10-15 | client: Update the connmactl to support optional tethering channel | Michael Trimarchi | 1 | -14/+46 |
| 2021-10-15 | tethering: Add TetheringFreq parameter documentation | Michael Trimarchi | 1 | -0/+7 |
| 2021-10-15 | tethering: Add possibility to configure the access point frequency | Michael Trimarchi | 5 | -7/+52 |
| 2021-10-15 | tethering: Reduce the number of parameters of tech_set_tethering | Michael Trimarchi | 8 | -32/+33 |
| 2021-10-04 | AUTHORS: Mention Michael’s contributions | Daniel Wagner | 1 | -0/+1 |
| 2021-10-04 | manager: Add TetheringClientsChanged GBUS_SIGNAL | Michael Trimarchi | 1 | -0/+3 |
| 2021-10-04 | service: Report errors to user in native mode | VAUTRIN Emmanuel (Canal Plus Prestataire) | 1 | -1/+2 |
| 2021-10-04 | iwd: Fix timeout error on new connection | VAUTRIN Emmanuel (Canal Plus Prestataire) | 1 | -1/+1 |
| 2021-10-04 | iwd: Fix improper IPv4/6 attributes when disconnecting | VAUTRIN Emmanuel (Canal Plus Prestataire) | 1 | -0/+2 |
| 2021-10-04 | iwd: Fix missing Ethernet attributes | VAUTRIN Emmanuel (Canal Plus Prestataire) | 1 | -7/+8 |
| 2021-09-13 | doc: Document AuthErrorLimit in VPN connection API | Jussi Laakkonen | 1 | -0/+13 |
| 2021-09-13 | openvpn: Default to 10 AuthErrorLimit unless set by user | Jussi Laakkonen | 1 | -0/+9 |
| 2021-09-13 | vpn-provider: Add auth error check heuristic to avoid losing creds | Jussi Laakkonen | 2 | -0/+112 |
| 2021-09-13 | vpn-provider: Ignore error adding when state is idle/unknown | Jussi Laakkonen | 1 | -0/+15 |
| 2021-09-13 | vpn: Report EALREADY back to caller if VPN is already disconnecting | Jussi Laakkonen | 1 | -1/+2 |
| 2021-09-13 | gsupplicant: Add support for WPA3-Personal transition mode | Ariel D’Alessandro | 1 | -10/+19 |
| 2021-08-31 | doc: Add new openconnect input fields | Lukáš Karas | 1 | -0/+13 |
| 2021-08-30 | openconnect: Add support for 2nd password | Lukáš Karas | 2 | -2/+85 |
| 2021-08-30 | vpn: Refactor connect_reply() and handle NoCarrier -> ENOLINK error | Jussi Laakkonen | 1 | -2/+12 |
| 2021-08-30 | vpn-provider: Implement connmand online state checking | Jussi Laakkonen | 1 | -1/+356 |
| 2021-08-30 | service: Do not trigger wispr start when EnableOnlineCheck is disabled | Daniel Wagner | 1 | -0/+6 |
| 2021-08-30 | service: Move wispr start code into helper | Daniel Wagner | 1 | -16/+15 |
| 2021-08-29 | network: Do not disconnect decice on network connect | Daniel Wagner | 1 | -2/+0 |
| 2021-08-29 | service: Prevent auto connection during passphrase request | VAUTRIN Emmanuel (Canal Plus Prestataire) | 1 | -0/+25 |
| 2021-08-29 | wispr: Add online check url config options | VAUTRIN Emmanuel (Canal Plus Prestataire) | 5 | -15/+68 |
| 2021-08-29 | service: Fix default service update on ready state | VAUTRIN Emmanuel (Canal Plus Prestataire) | 1 | -2/+2 |
| 2021-08-29 | service: Ignore state information in service reordering | VAUTRIN Emmanuel (Canal Plus Prestataire) | 1 | -2/+1 |
| 2021-08-17 | pptp: Improve invalid auth and disconnect notify, fix cb use | Jussi Laakkonen | 1 | -43/+84 |
| 2021-08-17 | l2tp: Improve invalid auth and disconnect notify, fix cb use | Jussi Laakkonen | 1 | -40/+75 |
| 2021-08-17 | l2tp: Create control file for xl2tpd | Matt Vogt | 1 | -2/+16 |
| 2021-07-28 | gdhcp: Do not process missing DHCP_SERVER_ID fields | Daniel Wagner | 1 | -0/+5 |
| 2021-07-26 | service: service_update_preferred_order cleanup | VAUTRIN Emmanuel (Canal Plus Prestataire) | 1 | -17/+5 |
| 2021-07-20 | AUTHORS: Fix Rahul’s email address | Daniel Wagner | 1 | -1/+1 |
| 2021-07-20 | main: Fix a memory leak for str_list in parse_config | Rahul Jain | 1 | -0/+2 |
| 2021-07-02 | service: apply_relevant_default_downgrade cleanup | VAUTRIN Emmanuel (Canal Plus Prestataire) | 1 | -7/+3 |
| 2021-07-02 | service: Let PreferredTechnologies overrule connected service sorting | Daniel Wagner | 1 | -13/+27 |
| 2021-06-30 | agent: Always inform upper layer via callback | Daniel Wagner | 1 | -1/+1 |
| 2021-06-23 | service: Ask for password when using native autoconnect | Daniel Wagner | 1 | -1/+2 |
| 2021-06-23 | iwd: Do not try to handle out of memory fails | Daniel Wagner | 1 | -38/+6 |
| 2021-06-23 | vpn-rtnl: Fix netlink message alignment | Daniel Wagner | 1 | -63/+62 |
| 2021-06-23 | rtnl: Fix netlink message alignment | Daniel Wagner | 1 | -63/+62 |
| 2021-06-21 | README: Add IRC channel info | Daniel Wagner | 1 | -0/+4 |
| 2021-06-21 | AUTHORS: Mention Lukáš’ contributions | Daniel Wagner | 1 | -0/+1 |
| 2021-06-21 | dnsproxy: Replace strncopy by memcpy | Lukáš Karas | 1 | -1/+1 |
| 2021-06-14 | AUTHORS: Mention Ariel’s contributions | Daniel Wagner | 1 | -0/+1 |
| 2021-06-14 | wifi: Add wpa_supplicant WPA3-SAE support | Ariel D’Alessandro | 3 | -3/+57 |
| 2021-06-10 | Release 1.40 (1.40) | Marcel Holtmann | 2 | -1/+6 |
| 2021-06-09 | AUTHORS: Mention Alyssa’s contributions | Daniel Wagner | 1 | -0/+1 |
| 2021-06-09 | README: fix typo | Alyssa Ross | 1 | -1/+1 |
| 2021-06-07 | AUTHORS: Mention Valery’s contributions | Daniel Wagner | 1 | -0/+1 |
| 2021-06-07 | dnsproxy: Check the length of buffers before memcpy | Valery Kashcheev | 1 | -9/+11 |
| 2021-06-02 | README: Update mailing list info | Daniel Wagner | 1 | -2/+8 |
| 2021-05-14 | README: Remove the 01.org website and the 01.org Jira | Marcel Holtmann | 1 | -5/+1 |
| 2021-05-13 | main: Cleanup of vendor class id and wifi config options | VAUTRIN Emmanuel (Canal Plus Prestataire) | 7 | -46/+10 |
| 2021-05-05 | wispr: Support of common redirection status codes | VAUTRIN Emmanuel (Canal Plus Prestataire) | 1 | -0/+5 |
| 2021-04-27 | timerserver: Fix time update manual->auto | Daniel Wagner | 1 | -2/+2 |
| 2021-04-25 | service: Disable native autoconnect calls for providers | Daniel Wagner | 1 | -2/+2 |
| 2021-04-18 | peer: Open code g_memdup | Daniel Wagner | 1 | -1/+4 |
| 2021-04-18 | wifi: Open code g_memdup | Daniel Wagner | 1 | -7/+18 |
| 2021-04-18 | Rewrite openconnect plugin to use libopenconnect | Santtu Lakkala | 3 | -382/+525 |
| 2021-04-18 | service: Teach autoconnect algorithm native mode | Daniel Wagner | 2 | -29/+56 |
| 2021-04-18 | network: Add __connman_network_native_autoconnect() | Daniel Wagner | 2 | -0/+8 |
| 2021-04-18 | iwd: Filter out connect failure for auto connect mode | Daniel Wagner | 1 | -1/+1 |
| 2021-04-18 | iwd: Init AutoConnect of know networks | Daniel Wagner | 1 | -0/+26 |
| 2021-04-18 | service: Factor auto connect trigger code into a new function | Daniel Wagner | 1 | -34/+40 |
| 2021-04-18 | service: Remove unused __connman_service_disconnect_all() | Daniel Wagner | 2 | -31/+0 |
| 2021-04-05 | wireguard: Copy interfance names obeying lengths rules | Daniel Wagner | 1 | -1/+1 |
| 2021-04-05 | ethernet: Copy interfance names obeying lengths rules | Daniel Wagner | 1 | -5/+7 |
| 2021-04-05 | ipconfig: Refactor /proc value get/set to separate functions | Jussi Laakkonen | 1 | -85/+97 |
| 2021-04-05 | service: Sort VPNs using the transport service if connected | Jussi Laakkonen | 1 | -0/+45 |
| 2021-04-05 | provider: Add function to get transport ident from VPN | Jussi Laakkonen | 2 | -0/+11 |
| 2021-04-05 | vpn: Return transport ident with get_property() | Jussi Laakkonen | 1 | -7/+15 |
| 2021-03-27 | dnsproxy: Enable DNS servers on connected VPN if split routing changes | Jussi Laakkonen | 1 | -0/+11 |
| 2021-03-27 | timeserver: Fix false error message | Justin Maggard | 1 | -1/+1 |
| 2021-03-27 | iwd: Fix typo in error message when stopping AccessPoint mode | Jonathan Liu | 1 | -1/+1 |
| 2021-03-27 | service: Allow only user connection after WiFi failure | VAUTRIN Emmanuel (Canal Plus Prestataire) | 1 | -4/+10 |
| 2021-03-27 | service: Fix disconnection search before connecting | VAUTRIN Emmanuel (Canal Plus Prestataire) | 1 | -1/+1 |
| 2021-03-27 | service: Complete only after user connection retries | VAUTRIN Emmanuel (Canal Plus Prestataire) | 1 | -0/+3 |
| 2021-03-27 | mailmap: Update non-canonical log entries | Daniel Wagner | 1 | -0/+3 |
| 2021-02-24 | service: Add online to ready transition feature | Emmanuel VAUTRIN | 6 | -13/+78 |
| 2021-02-22 | service: Fix integer type for online check interval | Daniel Wagner | 1 | -3/+3 |
| 2021-02-15 | service: Add online check interval config options | VAUTRIN Emmanuel (Canal Plus Prestataire) | 5 | -19/+88 |
| 2021-02-15 | wifi: Reset disconnecting status of any network | VAUTRIN Emmanuel (Canal Plus Prestataire) | 1 | -1/+2 |
| 2021-02-10 | wifi: Check valid network in disconnect callback | VAUTRIN Emmanuel (Canal Plus Prestataire) | 1 | -1/+2 |
| 2021-02-08 | Release 1.39 (1.39) | Marcel Holtmann | 2 | -1/+7 |
| 2021-02-05 | AUTHORS: Mention Colin’s contributions | Daniel Wagner | 1 | -0/+1 |
| 2021-02-05 | dnsproxy: Add length checks to prevent buffer overflow | Colin Wee | 1 | -3/+11 |
| 2021-02-05 | gdhcp: Avoid leaking stack data via unitiialized variable | Colin Wee | 1 | -1/+1 |
| 2021-02-05 | gdhcp: Avoid reading invalid data in dhcp_get_option | Colin Wee | 4 | -20/+38 |
| 2021-02-05 | service: Restart online check when default service changes | VAUTRIN Emmanuel (Canal Plus Prestataire) | 1 | -0/+10 |
| 2021-02-05 | timeserver: Reset time sync on system timeserver update | VAUTRIN Emmanuel (Canal Plus Prestataire) | 1 | -1/+2 |
| 2021-02-05 | clock: Add TimeSynced signal emitted when the system time has been synced | VAUTRIN Emmanuel (Canal Plus Prestataire) | 4 | -1/+67 |
| 2021-01-25 | AUTHORS: Mention Gabriel’s contributions | Daniel Wagner | 1 | -0/+1 |
| 2021-01-25 | wifi: Always disconnect connection completely | Gabriel FORTE | 1 | -8/+37 |
| 2020-12-28 | timeserver: Split new service and configuration update | Daniel Wagner | 3 | -27/+33 |
| 2020-12-28 | services: Escape passphrase string | Daniel Wagner | 2 | -7/+17 |
| 2020-12-23 | wifi: Base BSS expiration age on long scanning interval | Emmanuel VAUTRIN | 1 | -0/+21 |
| 2020-12-22 | wifi: Fix wireless interface not being added to tether bridge sometimes | Jonathan Liu | 1 | -4/+5 |
| 2020-12-22 | openvpn: Update documemtation for --proto | Daniel Wagner | 1 | -1/+1 |
| 2020-12-22 | vpnc: Do not lose credentials with VPN agent timeouts | Jussi Laakkonen | 1 | -6/+15 |
| 2020-12-14 | vpn: Export vpn_ipconfig_foreach as linker symbol | Daniel Wagner | 4 | -4/+4 |
| 2020-12-14 | vpn: Do not do mixed declerations and code | Daniel Wagner | 1 | -18/+14 |
| 2020-12-14 | src: Test return value of inet_pton consistently | Daniel Wagner | 5 | -17/+17 |
| 2020-12-11 | doc: Document VPN connection SplitRouting boolean | Jussi Laakkonen | 1 | -1/+8 |
| 2020-12-11 | vpn-provider: Support SplitRouting option from connmand | Jussi Laakkonen | 1 | -21/+158 |
| 2020-12-11 | vpn-provider: Drop route management from vpnd | Jussi Laakkonen | 5 | -100/+13 |
| 2020-12-11 | vpn-config: Implement function to get boolean from keyfile | Jussi Laakkonen | 2 | -4/+21 |
| 2020-12-11 | vpn: Support SplitRouting in D-Bus variables, improve route code | Jussi Laakkonen | 1 | -20/+207 |
| 2020-12-11 | provider: Add support for managing SplitRouting | Jussi Laakkonen | 2 | -0/+105 |
| 2020-12-11 | service: Load and apply service settings after D-Bus registration | Jussi Laakkonen | 1 | -3/+3 |
| 2020-12-11 | service: Add property changed signal for SplitRouting value | Jussi Laakkonen | 2 | -0/+25 |
| 2020-12-11 | service: Expose set_split_routing() for internal use | Jussi Laakkonen | 2 | -10/+15 |
| 2020-12-11 | service: Split service move functionality for internal use | Jussi Laakkonen | 2 | -16/+46 |
| 2020-12-11 | dbus: Report back the return value of g_dbus_send_message() | Jussi Laakkonen | 1 | -18/+6 |
| 2020-12-11 | inet: Do not add broadcast address for P2P/VPNs | Jussi Laakkonen | 20 | -36/+123 |
| 2020-12-11 | inet: Refactor with getifaddrs() and add network route getter function | Jussi Laakkonen | 2 | -243/+326 |
| 2020-12-11 | inet: Add function for detecting a default route | Jussi Laakkonen | 2 | -0/+17 |
| 2020-12-11 | connection: Add getter for the phy index of a VPN transport service | Jussi Laakkonen | 2 | -0/+24 |
| 2020-12-11 | wispr: check service before stopping portal detection | Sergey Matyukevich | 1 | -1/+17 |
| 2020-12-11 | AUTHORS: Mention Boleslaw’s contributions | Daniel Wagner | 1 | -0/+1 |
| 2020-12-11 | neard: Fix memory leaks with PendingCall | Boleslaw Tokarski | 1 | -1/+1 |
| 2020-12-11 | vpn: Fix memory leaks with PendingCall | Boleslaw Tokarski | 1 | -11/+30 |
| 2020-12-11 | vpn: Secure a race condition with flag | Boleslaw Tokarski | 1 | -2/+8 |
| 2020-12-11 | Revert "gdhcp: Make DHCP client timeouts suspend aware" | Daniel Wagner | 2 | -134/+52 |
| 2020-12-04 | vpn-provider: Cancel agent requests when removing VPN | Jussi Laakkonen | 1 | -0/+6 |
| 2020-12-04 | AUTHORS: Mention Emmanuel’s contributions | Daniel Wagner | 1 | -0/+1 |
| 2020-12-04 | services: Return error for invalid hidden names | Emmanuel Vautrin | 1 | -8/+12 |
| 2020-12-04 | AUTHORS: Mention Pieter’s contributions | Daniel Wagner | 1 | -0/+1 |
| 2020-12-04 | rtnl: Mark dsa interfaces as ethernet type | Pieter Cardoen | 1 | -0/+3 |

Related news

Gentoo Linux Security Advisory 202310-21

Gentoo Linux Security Advisory 202310-21 - Multiple vulnerabilities have been discovered in ConnMan, the worst of which can lead to remote code execution. Versions greater than or equal to 1.42_pre20220801 are affected.

Ubuntu Security Notice USN-6236-1

Ubuntu Security Notice 6236-1 - It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that ConnMan could be made to leak sensitive information via the gdhcp component. A remote attacker could possibly use this issue to obtain information for further exploitation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
