GENIVI Diagnostic Log and Trace 2.18.8

CPE Details

GENIVI Diagnostic Log and Trace 2.18.8
genivi
diagnostic_log_and_trace
2.18.8
2023-09-28
08h42 +00:00
2023-09-28
08h42 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.8:*:*:*:*:*:*:*

Informations

Vendor

genivi

Product

diagnostic_log_and_trace

Version

2.18.8

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-39836 2022-10-23 22h00 +00:00 An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte.
5.5
Medium
CVE-2022-39837 2022-10-23 22h00 +00:00 An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference,
5.5
Medium
CVE-2022-31291 2022-06-15 22h00 +00:00 An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.