CVE-2025-32743 CRITICAL

CVE-2025-32743

Vendor Connman
Product ConnMan
Weakness CWE-392
Published April 10, 2025
Last update April 10, 2025

CVSS base score

9.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code, because those lookup values lead to incorrect length calculations and incorrect memcpy operations.

Key dates

02Disclosure timeline

April 10, 2025 CVE published
April 10, 2025 Record updated