{"id":"MGASA-2022-0319","summary":"Updated connman packages fix security vulnerability","details":"In ConnMan through 1.41, remote attackers able to send HTTP requests to\nthe gweb component are able to exploit a heap-based buffer overflow in\nreceived_data to execute code. (CVE-2022-32292)\n\nIn ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP\nquery could be used to trigger a use-after-free in WISPR handling, leading\nto crashes or code execution. (CVE-2022-32293)\n","modified":"2026-01-30T09:21:34.927332Z","published":"2022-09-07T05:27:53Z","related":["CVE-2022-32292","CVE-2022-32293"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0319.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30698"},{"type":"REPORT","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UWUYL7FE7EBPBC7ZEMY2Q5OKW2V6KZ5F/"}],"affected":[{"package":{"name":"connman","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/connman?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.38-2.3.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0319.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}