CVE-2020-29394

February 6, 2021

A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).

Summary:

A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).

Reference Links(if available):

  • https://github.com/GENIVI/dlt-daemon/issues/274
  • https://github.com/GENIVI/dlt-daemon/pull/275
  • https://github.com/GENIVI/dlt-daemon/pull/288

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P

    v3: / HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    CISA Logo

    CISA: CISA Releases Three Industrial Control Systems Advisories

    April 27, 2024
    CISA Logo

    CISA: CISA and Partners Release Advisory on Akira Ransomware

    April 27, 2024
    CISA Logo

    CISA: CISA Releases Four Industrial Control Systems Advisories

    April 27, 2024
    CISA Logo

    CISA: Cisco Releases Security Advisories for Cisco Integrated Management Controller

    April 27, 2024
    CISA Logo

    CISA: Oracle Releases Critical Patch Update Advisory for April 2024

    April 27, 2024