Stack-based buffer overflow in dnsproxy.c in connman 1.34 and ... [CVE-2017-12865]
asked 2017-08-30 12:39:21 +0300
This post is a wiki. Anyone with karma >75 is welcome to improve it.
Although title mentions only connman v1.34 CVE text lists more (https://security-tracker.debian.org/tracker/CVE-2017-12865), e.g. 1.21, 1.33. This is exploitable when attacker controls Wi-Fi AP (public places, etc.).
It was fixed in connman 1.35. In Jämsänjoki (2.1.1.26) we have conmann 1.31.