CVE-2020-29394

Опубликовано: 30 нояб. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).

Ссылки

https://github.com/GENIVI/dlt-daemon/issues/274
Exploit
Patch
Third Party Advisory
https://github.com/GENIVI/dlt-daemon/pull/275
Patch
Third Party Advisory
https://github.com/GENIVI/dlt-daemon/pull/288
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/12/msg00016.html
Mailing List
Third Party Advisory
https://github.com/GENIVI/dlt-daemon/issues/274
Exploit
Patch
Third Party Advisory
https://github.com/GENIVI/dlt-daemon/pull/275
Patch
Third Party Advisory
https://github.com/GENIVI/dlt-daemon/pull/288
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/12/msg00016.html
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:genivi:diagnostic_log_and_trace:*:*:*:*:*:*:*:*

Версия до 2.18.5 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01483

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2020-29394

CVSS3: 7.8

ubuntu

около 5 лет назад

CVE-2020-29394

CVSS3: 7.8

debian

около 5 лет назад

A buffer overflow in the dlt_filter_load function in dlt_common.c from ...

GHSA-phgp-jpjx-5mh3

CVSS3: 7.8

github

больше 3 лет назад

A buffer overflow in the dlt_filter_load function in dlt_common.c in dlt-daemon 2.8.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in a format argument).

EPSS

Процентиль: 81%

0.01483

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787