COVESA/dlt-daemon

COVESA/dlt-daemon

covesa.github.io

Releases42

Frequency4 months 1 week

Last Release 4 months ago

Stars446

Diagnostic Log and Trace.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-36321 ↗	Oct 17, 2023Tuesday, 17 October 2023, 23:15	7.5 HIGH	—
Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discovered to contain a buffer overflow via the component /shared/dlt_common.c.
CVE-2023-26257 ↗	Feb 27, 2023Monday, 27 February 2023, 05:15	7.5 HIGH	—
An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.
CVE-2022-31291 ↗	Jun 16, 2022Thursday, 16 June 2022, 16:15	7.5 HIGH	5 MEDIUM
An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets.
CVE-2020-36244 ↗	Feb 10, 2021Wednesday, 10 February 2021, 07:15	9.8 CRITICAL	7.5 HIGH
The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6).
CVE-2020-29394 ↗	Nov 30, 2020Monday, 30 November 2020, 19:15	7.8 HIGH	6.8 MEDIUM
A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).