Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen) and memcpy(response+offset,*end,*rdlen) without a check for whether the sum of *end and *rdlen exceeds max. Consequently, *rdlen may be larger than the amount of remaining packet data in the current state of parsing. Values of stack memory locations may be sent over the network in a response.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Vulnerability Type
长度参数不一致性处理不恰当
Vulnerability Title
ConnMan 安全漏洞
Vulnerability Description
ConnMan是一种连接管理器。 ConnMan 1.44及之前版本存在安全漏洞,该漏洞源于memcpy长度依赖于RR RDLENGTH值。
CVSS Information
N/A
Vulnerability Type
N/A