CVE-2022-23098
Published: 28 January 2022
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.
Priority
Status
Package | Release | Status |
---|---|---|
connman Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
upstream |
Needs triage
|
|
xenial |
Released
(1.21-1.2+deb8u1ubuntu0.1~esm1)
Available with Ubuntu Pro |
|
bionic |
Released
(1.35-6ubuntu0.1~esm1)
Available with Ubuntu Pro |
|
focal |
Released
(1.36-2ubuntu0.1)
|
|
jammy |
Released
(1.36-2.3ubuntu0.1)
|
|
kinetic |
Not vulnerable
(1.41-2)
|
|
lunar |
Not vulnerable
(1.41-2)
|
|
impish |
Ignored
(end of life)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |