connman: Fix CVE-2025-32743 - linux/poky.git - Mirror of git.yoctoproject.org/poky

index : linux/poky.git

Mirror of git.yoctoproject.org/poky

N/A

summary refs log tree commit diff stats

path: root/scripts/lib/build_perf/scrape-html-report.js

diff options

author	Praveen Kumar <praveen.kumar@windriver.com>	2025-05-07 06:48:23 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2025-05-12 22:01:55 +0100
commit	534f92cb0a0d4a3cbf73c42488f4a5a4c8e8791c (patch)
tree	339d42879023cd2fb7d16bc5c7291fafda876840 /scripts/lib/build_perf/scrape-html-report.js
parent	a48e6883611c07d5ab5e69517c9d562902c57888 (diff)
download	poky-534f92cb0a0d4a3cbf73c42488f4a5a4c8e8791c.tar.gz

connman: Fix CVE-2025-32743

In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code, because those lookup values lead to incorrect length calculations and incorrect memcpy operations. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-32743 Upstream-patch: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d90b911f6760959bdf1393c39fe8d1118315490f (From OE-Core rev: 610056dccc7144a70bcf69aec720b44bc7de7557) Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/build_perf/scrape-html-report.js')

0 files changed, 0 insertions, 0 deletions