Debian Security Advisory

DLA-3397-1 connman -- LTS security update

Date Reported:
21 Apr 2023
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2023-28488.
More information:

It was discovered that there was a potential denial of service vulnerabilty in connman, a command-line network manager designed for use on embedded devices.

Network-adjacent attackers operating a crafted DHCP server could have caused a stack-based buffer overflow, resulting in a denial of service through terminating the connman process.

  • CVE-2023-28488

    client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process.

For Debian 10 Buster, this problem has been fixed in version 1.36-2.1~deb10u4.

We recommend that you upgrade your connman packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: