Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2021-26675

Published: 9 February 2021

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.

Priority

Medium

Cvss 3 Severity Score

8.8

Score breakdown

Status

Package Release Status
connman
Launchpad, Ubuntu, Debian
jammy Not vulnerable
(1.36-2.3build1)
kinetic Not vulnerable
(1.41-2)
lunar Not vulnerable
(1.41-2)
upstream
Released (1.36-2.1)
trusty Does not exist

bionic
Released (1.35-6ubuntu0.1~esm1)
Available with Ubuntu Pro
focal
Released (1.36-2ubuntu0.1)
groovy Ignored
(end of life)
xenial Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Ignored
(end of life)

Severity score breakdown

Parameter Value
Base score 8.8
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H