CVE-2021-29507 — Improper Input Validation in Diagnostic LOG AND Trace

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 50.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Covesa Dlt-daemon Debian Dlt-daemon Genivi Diagnostic LOG AND Trace +1 more

Timeline

PublishedMay 28

Description

GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vulnerable component to crash. All the applications which are using the configuration file could fail to generate their dlt logs in system. As of time of publication, no patch exists. As a workaround, one may check the integrity of information in configuration file manually.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDgenivi/diagnostic_log_and_trace2.10.0 — 2.18.6

▶CVEListV5genivi/dlt-daemon> 2.10.0, <= 2.18.6

▶debiandebian/dlt-daemon< dlt-daemon 2.18.8-1 (bookworm)

▶Debiancovesa/dlt-daemon< 2.18.8-1+2

🔴Vulnerability Details

OSV

CVE-2021-29507: GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface↗2021-05-28

▶

📋Vendor Advisories

Debian

CVE-2021-29507: dlt-daemon - GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In ver...↗2021

▶