CVE-2022-39836 – COVESA 2.18.8 NULL Pointer Dereference / Heap Buffer Over-Read
https://notcve.org/view.php?id=CVE-2022-39836
An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte. • https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html https://sec-consult.com/vulnerability-lab/advisory/multiple-memory-corruption-vulnerabilities-in-covesa-dlt-daemon https://seclists.org/fulldisclosure/2022/Sep/24 • CWE-125: Out-of-bounds Read •
CVE-2022-39837 – COVESA 2.18.8 NULL Pointer Dereference / Heap Buffer Over-Read
https://notcve.org/view.php?id=CVE-2022-39837
An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference. • https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html https://sec-consult.com/vulnerability-lab/advisory/multiple-memory-corruption-vulnerabilities-in-covesa-dlt-daemon https://seclists.org/fulldisclosure/2022/Sep/24 • CWE-476: NULL Pointer Dereference •
CVE-2022-31291
https://notcve.org/view.php?id=CVE-2022-31291
An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets. • https://github.com/COVESA/dlt-daemon/pull/376/commits https://lists.debian.org/debian-lts-announce/2022/12/msg00016.html • CWE-415: Double Free •