ConnMan Memory Leak Vulnerability in DNS Proxy Component

Vulnerability

A memory leak vulnerability has been identified in ConnMan versions through 1.44. The issue arises in the DNS proxy component, specifically within the 'parse_rr' function of 'dnsproxy.c'. The vulnerability is caused by a 'memcpy' operation that relies on the Resource Record (RR) RDLENGTH value, without properly verifying whether the data being copied exceeds the maximum allowed packet size. This oversight can lead to the unintentional transmission of stack memory contents over the network.

Impact

Exploitation of this vulnerability causes a memory leak, where sensitive stack memory data may be exposed over the network.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

0.6

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

0.6

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ConnMan Memory Leak Vulnerability in DNS Proxy Component

Vulnerability

Impact

Affected Products

ConnMan

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating