Debian Dlt-Daemon vulnerabilities

8 known vulnerabilities affecting debian/dlt-daemon.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 2, LOW 1

Vulnerabilities

CVE-2023-36321 | HIGH | CVSS 7.5 | fixed in dlt-daemon 2.18.9-1 (forky) | 2023
CVE-2023-36321 [HIGH]: dlt-daemon - Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discovered to contain a buffer overflow via the component /shared/dlt_common.c.
Scope: local
bookworm: open; bullseye: open; forky: resolved (fixed in 2.18.9-1); sid: resolved (fixed in 2.18.9-1); trixie: resolved (fixed in 2.18.9-1)
debian
CVE-2023-26257 | HIGH | CVSS 7.5 | fixed in dlt-daemon 2.18.9-1 (forky) | 2023
CVE-2023-26257 [HIGH]: dlt-daemon - An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.
Scope: local
bookworm: open; bullseye: open; forky: resolved (fixed in 2.18.9-1); sid: resolved (fixed in 2.18.9-1); trixie: resolved (fixed in 2.18.9-1)
debian
CVE-2022-31291 | HIGH | CVSS 7.5 | fixed in dlt-daemon 2.18.6-2.1 (bookworm) | 2022
CVE-2022-31291 [HIGH]: dlt-daemon - An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets.
Scope: local
bookworm: resolved (fixed in 2.18.6-2.1); bullseye: resolved (fixed in 2.18.6-1+deb11u1); forky: resolved (fixed in 2.18.6-2.1); sid: resolved (fixed in 2.18.6-2.1); trixie: resolved (fixed in 2.18.6-2.1)
debian
CVE-2022-39836 | MEDIUM | CVSS 5.5 | fixed in dlt-daemon 2.18.9-1 (forky) | 2022
CVE-2022-39836 [MEDIUM]: dlt-daemon - An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte.
Scope: local
bookworm: open; bullseye: open; forky: resolved (fixed in 2.18.9-1)
debian
CVE-2022-39837 | MEDIUM | CVSS 5.5 | fixed in dlt-daemon 2.18.9-1 (forky) | 2022
CVE-2022-39837 [MEDIUM]: dlt-daemon - An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference,
Scope: local
bookworm: open; bullseye: open; forky: resolved (fixed in 2.18.9-1); sid: resolved
debian
CVE-2021-29507 | LOW | CVSS 5.7 | fixed in dlt-daemon 2.18.8-1 (bookworm) | 2021
CVE-2021-29507 [MEDIUM]: dlt-daemon - GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vulnerable component to crash. All the applications which are using the configuration file could fail to generate their dlt logs in system. As of time of publication,
debian
CVE-2020-36244 | CRITICAL | CVSS 9.8 | fixed in dlt-daemon 2.18.6-1 (bookworm) | 2020
CVE-2020-36244 [CRITICAL]: dlt-daemon - The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6).
Scope: local
bookworm: resolved (fixed in 2.18.6-1); bullseye: resolved (fixed in 2.18.6-1); forky: resolved (fixed in 2.18.6-1); sid: resolved (fixed in 2
debian
CVE-2020-29394 | HIGH | CVSS 7.8 | fixed in dlt-daemon 2.18.5-0.3 (bookworm) | 2020
CVE-2020-29394 [HIGH]: dlt-daemon - A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).
Scope: local
bookworm: resolved (fixed in 2.18.5-0.3); bullseye: resolved (fixed in 2.18.5-0.3); forky:
debian