An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.
Weakness
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Connman | Intel | * | 1.40 (including) |
| Connman | Ubuntu | bionic | * |
| Connman | Ubuntu | esm-apps/bionic | * |
| Connman | Ubuntu | esm-apps/focal | * |
| Connman | Ubuntu | esm-apps/jammy | * |
| Connman | Ubuntu | esm-apps/xenial | * |
| Connman | Ubuntu | focal | * |
| Connman | Ubuntu | impish | * |
| Connman | Ubuntu | jammy | * |
| Connman | Ubuntu | trusty | * |
| Connman | Ubuntu | xenial | * |
References
- https://git.kernel.org/pub/scm/network/connman/connman.git/log/
- https://lists.debian.org/debian-lts-announce/2022/02/msg00009.html
- https://security.gentoo.org/glsa/202310-21
- https://www.debian.org/security/2022/dsa-5231
- https://www.openwall.com/lists/oss-security/2022/01/25/1
- https://git.kernel.org/pub/scm/network/connman/connman.git/log/
- https://lists.debian.org/debian-lts-announce/2022/02/msg00009.html
- https://security.gentoo.org/glsa/202310-21
- https://www.debian.org/security/2022/dsa-5231
- https://www.openwall.com/lists/oss-security/2022/01/25/1