
CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte.
• https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html
• https://sec-consult.com/vulnerability-lab/advisory/multiple-memory-corruption-vulnerabilities-in-covesa-dlt-daemon
• https://seclists.org/fulldisclosure/2022/Sep/24
• CWE-125: Out-of-bounds Read

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference.
• https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html
• https://sec-consult.com/vulnerability-lab/advisory/multiple-memory-corruption-vulnerabilities-in-covesa-dlt-daemon
• https://seclists.org/fulldisclosure/2022/Sep/24
• CWE-476: NULL Pointer Dereference

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets.
• https://github.com/COVESA/dlt-daemon/pull/376/commits
• https://lists.debian.org/debian-lts-announce/2022/12/msg00016.html
• CWE-415: Double Free

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vulnerable component to crash. All the applications which are using the configuration file could fail to generate their dlt logs in system. As of time of publication, no patch exists. As a workaround, one may check the integrity of information in configuration file manually.
• https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f
• CWE-20: Improper Input Validation

CVSS: 9.8 | EPSS: 1% | CPEs: 2 | EXPL: 0

The daemon in GENIVI diagnostic log and trace (DLT) is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6).
• https://github.com/GENIVI/dlt-daemon/compare/v2.18.5...v2.18.6
• https://github.com/GENIVI/dlt-daemon/issues/265
• https://lists.debian.org/debian-lts-announce/2022/12/msg00016.html
• https://us-cert.cisa.gov/ics/advisories/icsa-21-147-01
• CWE-787: Out-of-bounds Write