CVE-2025-32366

MEDIUM Year: 2025
CVSS v3 Score
4.8
Medium
Weakness Type
CWE-130
View all →

Vulnerability Description

In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen) and memcpy(response+offset,*end,*rdlen) without a check for whether the sum of *end and *rdlen exceeds max. Consequently, *rdlen may be larger than the amount of remaining packet data in the current state of parsing. Values of stack memory locations may be sent over the network in a response.

Related Vulnerabilities

CVE-2021-27861

MEDIUM
CVSS:4.7(Medium)

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)

CWE-1302021

CVE-2021-27862

MEDIUM
CVSS:4.7(Medium)

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).

CWE-1302021

CVE-2024-24976

MEDIUM
CVSS:4.9(Medium)

A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requ...

CWE-1302024

CVE-2025-23247

MEDIUM
CVSS:4.4(Medium)

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitra...

CWE-1302025

CVE-2022-20686

MEDIUM
CVSS:5.3(Medium)

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute ...

CWE-1302022

CVE-2022-3272

MEDIUM
CVSS:5.3(Medium)

Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.

CWE-1302022