Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2022-39836

Published: 25/10/2022 Updated: 27/10/2022
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Diagnostic Log And Trace

Vulnerability Summary

An issue exists in Connected Vehicle Systems Alliance (COVESA) dlt-daemon up to and including 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

genivi diagnostic log and trace

Exploits

Exploit DB: COVESA 2.18.8 NULL Pointer Dereference / Heap Buffer Over-Read
COVESA versions 2188 and below suffer from heap buffer over-read and null pointer dereference vulnerabilities ...

References

CWE-125https://seclists.org/fulldisclosure/2022/Sep/24https://sec-consult.com/vulnerability-lab/advisory/multiple-memory-corruption-vulnerabilities-in-covesa-dlt-daemon/https://nvd.nist.govhttps://packetstormsecurity.com/files/168535/COVESA-2.18.8-NULL-Pointer-Dereference-Heap-Buffer-Over-Read.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook