An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference,
References
Link | Resource |
---|---|
https://seclists.org/fulldisclosure/2022/Sep/24 | Exploit Mailing List Patch Third Party Advisory |
https://sec-consult.com/vulnerability-lab/advisory/multiple-memory-corruption-vulnerabilities-in-covesa-dlt-daemon/ | Exploit Patch Third Party Advisory |
Configurations
Information
Published : 2022-10-25 10:15
Updated : 2022-10-27 06:54
NVD link : CVE-2022-39837
Mitre link : CVE-2022-39837
JSON object : View
CWE
CWE-476
NULL Pointer Dereference
Products Affected
genivi
- diagnostic_log_and_trace