Vulnerability Details : CVE-2022-39837
Potential exploit
An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference,
Vulnerability category: Memory Corruption
Products affected by CVE-2022-39837
- cpe:2.3:a:genivi:diagnostic_log_and_trace:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-39837
- EPSS score: 0.02% (probability of exploitation activity in the next 30 days)
- Percentile: ~3% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-39837
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-05-07 |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2022-39837
- The product dereferences a pointer that it expects to be valid but is NULL.
  Assigned by:
  - 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2022-39837
- https://seclists.org/fulldisclosure/2022/Sep/24
  Full Disclosure: SEC Consult SA-20220923-0 :: Multiple Memory Corruption Vulnerabilities in COVESA (Connected Vehicle Systems Alliance) DLT daemon
  Tags: Exploit; Mailing List; Patch; Third Party Advisory
- https://sec-consult.com/vulnerability-lab/advisory/multiple-memory-corruption-vulnerabilities-in-covesa-dlt-daemon/
  Multiple Memory Corruption Vulnerabilities in COVESA DLT daemon
  Tags: Exploit; Patch; Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html
  [SECURITY] [DLA 3845-1] dlt-daemon security update