CVE-2022-31291Double Free in Dlt-daemon

CWE-415Double Free4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 71.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Covesa Dlt-daemonDebian Dlt-daemonDebian Linux+1 more
Timeline
PublishedJun 16
Latest updateJun 17

Description

An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

debiandebian/dlt-daemon< dlt-daemon 2.18.6-2.1 (bookworm)
Debiancovesa/dlt-daemon< 2.18.6-1+deb11u1+3

Also affects: Debian Linux 10.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-5569-pg4r-25pv: An issue in dlt_config_file_parser2022-06-17
OSV
CVE-2022-31291: An issue in dlt_config_file_parser2022-06-16

📋Vendor Advisories

1
Debian
CVE-2022-31291: dlt-daemon - An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to c...2022