Vulnerability Details CVE-2022-39836
An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.3%
CVSS Severity
CVSS v3 Score 5.5
References
- https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html
- https://sec-consult.com/vulnerability-lab/advisory/multiple-memory-corruption-vulnerabilities-in-covesa-dlt-daemon/
- https://seclists.org/fulldisclosure/2022/Sep/24
- https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html
- https://sec-consult.com/vulnerability-lab/advisory/multiple-memory-corruption-vulnerabilities-in-covesa-dlt-daemon/
- https://seclists.org/fulldisclosure/2022/Sep/24
Products affected by CVE-2022-39836
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.10.0
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.11.0
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.11.1
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.12.0
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.12.1
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.13.0
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.14.0
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.14.1
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.15.0
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.16.0
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.17.0
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.0
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.1
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.2
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.3
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.4
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.5
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.6
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.8
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.2.0
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.3.0
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.4.0
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.4.1
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.4.2
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.5.0
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.5.1
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.5.2
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.6.0
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.6.1
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.6.2
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.7.0
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.7.1
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.8.0
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.8.5
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.9.0
-
cpe:2.3:a:genivi:diagnostic_log_and_trace:2.9.1