Loop with Unreachable Exit Condition ('Infinite Loop') Affecting connman package, versions <1.36-2.4
Snyk CVSS
Attack Complexity
Low
Availability
High
Threat Intelligence
EPSS
0.19% (56th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN12-CONNMAN-2361540
- published 26 Jan 2022
- disclosed 28 Jan 2022
Introduced: 26 Jan 2022
CVE-2022-23098 Open this link in a new tabHow to fix?
Upgrade Debian:12 connman to version 1.36-2.4 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream connman package and not the connman package as distributed by Debian.
See How to fix? for Debian:12 relevant fixed versions and status.
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.
References
- https://security-tracker.debian.org/tracker/CVE-2022-23098
- https://git.kernel.org/pub/scm/network/connman/connman.git/log/
- https://www.openwall.com/lists/oss-security/2022/01/25/1
- https://lists.debian.org/debian-lts-announce/2022/02/msg00009.html
- https://www.debian.org/security/2022/dsa-5231
- https://security.gentoo.org/glsa/202310-21