- Vulnerability/
- USN-6236-1
USN-6236-1: ConnMan vulnerabilities
First published: Wed Jul 19 2023(Updated: )
It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-26675, CVE-2021-33833) It was discovered that ConnMan could be made to leak sensitive information via the gdhcp component. A remote attacker could possibly use this issue to obtain information for further exploitation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-26676) It was discovered that ConnMan could be made to read out of bounds. A remote attacker could possibly use this issue to case ConnMan to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-23096, CVE-2022-23097) It was discovered that ConnMan could be made to run into an infinite loop. A remote attacker could possibly use this issue to cause ConnMan to consume resources and to stop operating, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-23098) It was discovered that ConnMan could be made to write out of bounds via the gweb component. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-32292) It was discovered that ConnMan did not properly manage memory under certain circumstances. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-32293) It was discovered that ConnMan could be made to write out of bounds via the gdhcp component. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-28488)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/connman | <1.41-2ubuntu0.23.04.1 | 1.41-2ubuntu0.23.04.1 |
| =23.04 | ||
| All of | ||
| ubuntu/connman | <1.36-2.3ubuntu0.1 | 1.36-2.3ubuntu0.1 |
| =22.04 | ||
| All of | ||
| ubuntu/connman | <1.36-2ubuntu0.1 | 1.36-2ubuntu0.1 |
| =20.04 | ||
| All of | ||
| ubuntu/connman | <1.35-6ubuntu0.1~esm1 | 1.35-6ubuntu0.1~esm1 |
| =18.04 | ||
| All of | ||
| ubuntu/connman | <1.21-1.2+deb8u1ubuntu0.1~esm1 | 1.21-1.2+deb8u1ubuntu0.1~esm1 |
| =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2021-26676
- https://ubuntu.com/security/CVE-2022-32293
- https://ubuntu.com/security/CVE-2023-28488
- https://ubuntu.com/security/CVE-2022-23098
- https://ubuntu.com/security/CVE-2021-26675
- https://ubuntu.com/security/CVE-2021-33833
- https://ubuntu.com/security/CVE-2022-23097
- https://ubuntu.com/security/CVE-2022-23096
- https://ubuntu.com/security/CVE-2022-32292
- https://launchpad.net/ubuntu/+source/connman/1.41-2ubuntu0.23.04.1
- https://launchpad.net/ubuntu/+source/connman/1.36-2.3ubuntu0.1
- https://launchpad.net/ubuntu/+source/connman/1.36-2ubuntu0.1
- https://ubuntu.com/security/notices/USN-6236-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this ConnMan vulnerability?
The vulnerability ID for this ConnMan vulnerability is CVE-2021-26675.
What is the severity of CVE-2021-26675?
The severity of CVE-2021-26675 is not specified in the description.
How can a remote attacker exploit CVE-2021-26675?
A remote attacker could exploit CVE-2021-26675 to cause ConnMan to crash or execute arbitrary code.
Which versions of Ubuntu are affected by this vulnerability?
This vulnerability only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
How can I fix the ConnMan vulnerability (CVE-2021-26675) on Ubuntu?
To fix the ConnMan vulnerability (CVE-2021-26675) on Ubuntu, update the connman package to version 1.41-2ubuntu0.23.04.1 for Ubuntu 20.04 LTS, or version 1.35-6ubuntu0.1~esm1 for Ubuntu 18.04 LTS.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/23.04
- version/ubuntu ubuntu/22.04
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04