Lucene search

MitreCVE-2022-39837

HistoryOct 25, 2022 - 5:15 p.m.

CVE-2022-39837

2022-10-2517:15:56

CWE-476

mitre

web.nvd.nist.gov

cve-2022-39837

connected vehicle systems alliance

covesa

dlt-daemon

dlt file

null pointer dereference

nvd

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

26.9%

JSON

An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference,

Affected configurations

Nvd

Node

genividiagnostic_log_and_traceRange≤2.18.8

VendorProductVersionCPE
genividiagnostic_log_and_trace*cpe:2.3:a:genivi:diagnostic_log_and_trace:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
genivi	diagnostic_log_and_trace	*	cpe:2.3:a:genivi:diagnostic_log_and_trace::::::::

References

lists.debian.org/debian-lts-announce/2024/06/msg00021.html

sec-consult.com/vulnerability-lab/advisory/multiple-memory-corruption-vulnerabilities-in-covesa-dlt-daemon/

seclists.org/fulldisclosure/2022/Sep/24

Social References

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

26.9%

JSON

Related for CVE-2022-39837