CVE-2021-33833

9.8 CRITICAL

📋 TL;DR

CVE-2021-33833 is a critical stack-based buffer overflow vulnerability in ConnMan's DNS proxy component. Attackers can exploit this by sending specially crafted DNS responses containing malicious NAME, RDATA, or RDLENGTH fields, potentially leading to remote code execution. Systems running ConnMan 1.30 through 1.39 for network management are affected.

💻 Affected Systems

Products:
  • ConnMan (Connection Manager)
Versions: 1.30 through 1.39
Operating Systems: Linux distributions using ConnMan
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where ConnMan is configured to use its built-in DNS proxy functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with root privileges, allowing complete system compromise, data theft, and persistent backdoor installation.

🟠 Likely Case

Service disruption, denial of service, or limited code execution depending on exploit sophistication and system hardening.

🟢 If Mitigated

Denial of service only if exploit attempts are blocked or memory protections prevent code execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malicious DNS responses to the vulnerable DNS proxy component.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.40 and later

Vendor Advisory: https://lore.kernel.org/connman/

Restart Required: Yes

Instructions:

1. Update ConnMan to version 1.40 or later using your distribution's package manager.
2. Restart the ConnMan service.
3. Verify the update was successful.

🔧 Temporary Workarounds

Disable DNS Proxy

Configure ConnMan to use external DNS servers instead of its built-in DNS proxy.

Edit /etc/connman/main.conf and set 'EnableDNSProxy=false'
Restart connman: systemctl restart connman

🧯 If You Can't Patch

  • Implement network segmentation to isolate systems running vulnerable ConnMan versions.
  • Deploy network-based intrusion detection/prevention systems to block malicious DNS traffic.

🔍 How to Verify

Check if Vulnerable:

Check ConnMan version (a match means the installed version is in the affected 1.30 through 1.39 range): connmand --version | grep -E '1\.3[0-9]'

Check Version:

connmand --version

Verify Fix Applied:

Verify version is 1.40 or later: connmand --version | grep -E '1\.(4[0-9]|[5-9][0-9])'

📡 Detection & Monitoring

Log Indicators:

  • ConnMan crash logs
  • Unexpected process termination
  • Memory access violation errors in system logs

Network Indicators:

  • Unusual DNS response patterns to ConnMan systems
  • DNS responses with malformed NAME/RDATA fields
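
An added example (not part of the original advisory and not ConnMan's code): a passive check for the "malformed NAME/RDATA" network indicator above, applied to captured DNS responses. It enforces generic RFC 1035 framing rules (NAME at most 255 octets, RDLENGTH within the message); the function names, the 256-step cap and the example.com sample packets are assumptions constructed for illustration.

```python
import struct

def read_name(msg, off):
    """Walk a (possibly compressed) NAME; return the offset just past it."""
    total, end = 0, None
    for _ in range(256):                      # assumed step cap; stops pointer loops
        if off >= len(msg):
            raise ValueError("NAME runs past end of message")
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n & 0xC0:
            raise ValueError("reserved label type")
        elif n == 0:                          # root label ends the name
            return off + 1 if end is None else end
        else:
            total += n + 1                    # length octet plus label bytes
            if total + 1 > 255:               # RFC 1035 limit, root label included
                raise ValueError("expanded NAME exceeds 255 octets")
            off += n + 1
    raise ValueError("compression pointer loop")

def check_response(msg):
    """Return a list of findings; an empty list means the framing is consistent."""
    if len(msg) < 12:
        return ["shorter than the 12-byte DNS header"]
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    try:
        for _ in range(qd):
            off = read_name(msg, off) + 4     # skip QTYPE and QCLASS
        for i in range(an + ns + ar):
            off = read_name(msg, off)
            if off + 10 > len(msg):
                raise ValueError(f"RR {i}: truncated record header")
            rdlen = struct.unpack("!H", msg[off + 8:off + 10])[0]
            off += 10 + rdlen                 # TYPE, CLASS, TTL, RDLENGTH, then RDATA
            if off > len(msg):
                raise ValueError(f"RR {i}: RDLENGTH {rdlen} overruns the message by {off - len(msg)} bytes")
    except ValueError as exc:
        return [str(exc)]
    return [] if off <= len(msg) else ["truncated question section"]

def sample(rdlen):  # constructed A-record response for example.com
    head = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    return head + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, rdlen) + bytes([192, 0, 2, 1])
```

check_response(sample(4)) returns an empty list, while sample(200), whose RDLENGTH claims more data than the packet holds, yields one finding.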

SIEM Query:

source="connman" AND (event_type="crash" OR message="*overflow*" OR message="*segmentation fault*")
