CVE-2017-12865

CRITICAL

connman < 1.34 - Stack-based Buffer Overflow in dnsproxy.c

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-12865. PoCs published by ManaswiJaiswal.

AI-analyzed exploit summary This repository contains a proof-of-concept for CVE-2017-12865, a vulnerability in ConnMan 1.34. The exploit appears to target a D-Bus-related issue, likely involving improper input validation or privilege escalation via D-Bus method calls.

Description

Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.

Exploits (1)

nomisec WORKING POC

by ManaswiJaiswal · poc

https://github.com/ManaswiJaiswal/Reproducing-ConnMan-1.34

View Code ZIP pw:eip

This repository contains a proof-of-concept for CVE-2017-12865, a vulnerability in ConnMan 1.34. The exploit appears to target a D-Bus-related issue, likely involving improper input validation or privilege escalation via D-Bus method calls.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: ConnMan 1.34

No auth needed

Prerequisites: Access to a system running ConnMan 1.34 · D-Bus access

MITRE ATT&CK