Genivi: >> Diagnostic Log And Trace >> 2.18.8 Security Vulnerabilities
An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-10-25
An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference,
CVSS Score
5.5
EPSS Score
0.0
Published
2022-10-25
An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets.
CVSS Score
7.5
EPSS Score
0.0
Published
2022-06-16