CVE-2022-39836

Опубликовано: 25 окт. 2022

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte.

Ссылки

https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html
https://sec-consult.com/vulnerability-lab/advisory/multiple-memory-corruption-vulnerabilities-in-covesa-dlt-daemon/
Exploit
Patch
Third Party Advisory
https://seclists.org/fulldisclosure/2022/Sep/24
Exploit
Mailing List
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html
https://sec-consult.com/vulnerability-lab/advisory/multiple-memory-corruption-vulnerabilities-in-covesa-dlt-daemon/
Exploit
Patch
Third Party Advisory
https://seclists.org/fulldisclosure/2022/Sep/24
Exploit
Mailing List
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:genivi:diagnostic_log_and_trace:*:*:*:*:*:*:*:*

Версия до 2.18.8 (включая)

EPSS

Процентиль: 30%

0.00114

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-125

Связанные уязвимости

CVE-2022-39836

CVSS3: 5.5

ubuntu

больше 3 лет назад

CVE-2022-39836

CVSS3: 5.5

debian

больше 3 лет назад

An issue was discovered in Connected Vehicle Systems Alliance (COVESA) ...

GHSA-8gjv-jwgc-cx6r

CVSS3: 5.5

github

больше 3 лет назад

EPSS

Процентиль: 30%

0.00114

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-125