ID CVE-2020-29394
Summary A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).
References
Vulnerable Configurations
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.10.0:-:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.10.0:-:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.10.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.10.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.15.0:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.17.0:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.0:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.1:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.2:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.3:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.4:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.4:*:*:*:*:*:*:*
  • cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.5:*:*:*:*:*:*:*
    cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.5:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 03-02-2023 - 18:42)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
misc
Last major update 03-02-2023 - 18:42
Published 30-11-2020 - 19:15
Last modified 03-02-2023 - 18:42
Back to Top