#VU50669 Memory leak in ConnMan - CVE-2021-26676

Cybersecurity Help s.r.o.

Published: 2021-02-12

Vulnerability identifier: #VU50669

Vulnerability risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-26676

CWE-ID: CWE-401

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
ConnMan
Universal components / Libraries / Libraries used by multiple products

Vendor: kernel.org

Description
The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due memory leak in gdhcp in ConnMan. A remote attacker on the local network can force the application to leak sensitive stack information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

ConnMan: 0.1 - 1.38

External links
https://bugzilla.suse.com/show_bug.cgi?id=1181751
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1
https://git.kernel.org/pub/scm/network/connman/connman.git/tree/ChangeLog
https://lists.debian.org/debian-lts-announce/2021/02/msg00013.html
https://www.debian.org/security/2021/dsa-4847
https://www.openwall.com/lists/oss-security/2021/02/08/2

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for connman

Gentoo update for ConnMan

Debian update for connman

Arch Linux update for connman

Multiple vulnerabilities in ConnMan