6 results (0.008 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2

An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte. Se ha detectado un problema en el dlt-daemon de Connected Vehicle Systems Alliance (COVESA) versiones hasta 2.18.8. • https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html https://sec-consult.com/vulnerability-lab/advisory/multiple-memory-corruption-vulnerabilities-in-covesa-dlt-daemon https://seclists.org/fulldisclosure/2022/Sep/24 • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2

An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference, Se ha detectado un problema en Connected Vehicle Systems Alliance (COVESA) dlt-daemon versiones hasta 2.18.8. Debido a un analizador de archivos DLT defectuoso, puede crearse un archivo DLT diseñado que bloquea el proceso. • https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html https://sec-consult.com/vulnerability-lab/advisory/multiple-memory-corruption-vulnerabilities-in-covesa-dlt-daemon https://seclists.org/fulldisclosure/2022/Sep/24 • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets. Un problema en el archivo dlt_config_file_parser.c de dlt-daemon versión v2.18.8, permite a atacantes causar una doble liberación por medio de paquetes TCP diseñados • https://github.com/COVESA/dlt-daemon/pull/376/commits https://lists.debian.org/debian-lts-announce/2022/12/msg00016.html • CWE-415: Double Free •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vulnerable component to crash. All the applications which are using the configuration file could fail to generate their dlt logs in system. As of time of publication, no patch exists. As a workaround, one may check the integrity of information in configuration file manually. • https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0

The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6). El daemon de GENIVI diagnostic log and trace (DLT), es vulnerable a un desbordamiento de buffer basado en heap que podría permitir a un atacante ejecutar remotamente código arbitrario en el DLT-Daemon (versiones anteriores a la 2.18.6) • https://github.com/GENIVI/dlt-daemon/compare/v2.18.5...v2.18.6 https://github.com/GENIVI/dlt-daemon/issues/265 https://lists.debian.org/debian-lts-announce/2022/12/msg00016.html https://us-cert.cisa.gov/ics/advisories/icsa-21-147-01 • CWE-787: Out-of-bounds Write •