ConnMan Version 1.34 and earlier is vulnerable to a buffer overflow in the connection manager daemon (connmand) resulting in denial of service and potential remote code execution. Malformed DNS packet can result in a buffer overflow in the connection manager daemon’s DNS proxy service, resulting in service crash or remote code execution at the privilege of the service. The connection manager is not vulnerable if it is running with DNS proxy disabled (default is enabled).
Created connman tracking bugs for this issue:
Affects: epel-7 [bug 1488771]
Affects: fedora-all [bug 1488770]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.