CVE-2022-32293 - OpenCVE

In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Intel	Connman

Configuration 1 [-]

cpe:2.3:a:intel:connman:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=1200190	Issue Tracking Third Party Advisory
https://lore.kernel.org/connman/20220801080043.4861-1-wagi%40monom.org/	Patch
https://lore.kernel.org/connman/20220801080043.4861-3-wagi%40monom.org/	Patch
https://security.gentoo.org/glsa/202310-21	Third Party Advisory
https://www.debian.org/security/2022/dsa-5231	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-08-03T00:00:00

Updated: 2023-10-31T07:06:14.452607

Reserved: 2022-06-05T00:00:00

Link: CVE-2022-32293

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-03T14:15:08.667

Modified: 2023-12-21T18:51:04.713

Link: CVE-2022-32293

JSON object: View

Redhat Information

No data.

CWE

CWE-416

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:connman:*:*:*:*:*:*:*:*", "matchCriteriaId": "147B3E0B-9D0F-444D-98DB-8397707DAE79", "versionEndIncluding": "1.41", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution."}, {"lang": "es", "value": "En ConnMan versiones hasta 1.41, un ataque de tipo \"man-in-the-middle\" contra una consulta HTTP WISPR podr\u00eda ser usado para desencadenar un uso de memoria previamente liberada en el manejo de WISPR, conllevando a bloqueos o ejecuci\u00f3n de c\u00f3digo"}], "id": "CVE-2022-32293", "lastModified": "2023-12-21T18:51:04.713", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-03T14:15:08.667", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1200190"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://lore.kernel.org/connman/20220801080043.4861-1-wagi%40monom.org/"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://lore.kernel.org/connman/20220801080043.4861-3-wagi%40monom.org/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202310-21"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5231"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}