CVE-2020-36244 — Out-of-bounds Write in Diagnostic LOG AND Trace

CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

2.6%

top 14.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Covesa Dlt-daemon Genivi Diagnostic LOG AND Trace Debian Dlt-daemon +1 more

Timeline

PublishedFeb 10

Latest updateMay 24

Description

The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDgenivi/diagnostic_log_and_trace< 2.18.6

▶debiandebian/dlt-daemon< dlt-daemon 2.18.6-1 (bookworm)

▶Debiancovesa/dlt-daemon< 2.18.6-1+3

Also affects: Debian Linux 10.0

Patches

Patch: github.com ↗Patch: lists.debian.org ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-rqph-xm6j-r2mf: The daemon in GENIVI Diagnostic Log and Trace (DLT) before 2↗2022-05-24

▶

OSV

CVE-2020-36244: The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute ar↗2021-02-10

▶

📋Vendor Advisories

CISA ICS

GENIVI Alliance DLT↗2021-05-27

▶

Debian

CVE-2020-36244: dlt-daemon - The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-bas...↗2020

▶