CVE-2022-23098
Published: 28 January 2022
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.
Priority
Status
Package | Release | Status |
---|---|---|
connman Launchpad, Ubuntu, Debian |
bionic |
Released
(1.35-6ubuntu0.1~esm1)
Available with Ubuntu Pro |
focal |
Released
(1.36-2ubuntu0.1)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Released
(1.36-2.3ubuntu0.1)
|
|
kinetic |
Not vulnerable
(1.41-2)
|
|
lunar |
Not vulnerable
(1.41-2)
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Needs triage
|
|
xenial |
Released
(1.21-1.2+deb8u1ubuntu0.1~esm1)
Available with Ubuntu Pro |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |