Search criteria
3 vulnerabilities by COVESA
CVE-2024-3979 (GCVE-0-2024-3979)
Vulnerability from cvelistv5 – Published: 2024-04-19 18:00 – Updated: 2024-08-01 20:26
VLAI?
Title
COVESA vsomeip race condition
Summary
A vulnerability, which was classified as problematic, has been found in COVESA vsomeip up to 3.4.10. Affected by this issue is some unknown functionality. The manipulation leads to race condition. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261596.
Severity ?
4.4 (Medium)
4.4 (Medium)
CWE
- CWE-362 - Race Condition
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
Credits
xuguosheng (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:covesa:vsomeip:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vsomeip",
"vendor": "covesa",
"versions": [
{
"lessThan": "3.4.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3979",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T23:59:52.816044Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T19:45:48.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-261596 | COVESA vsomeip race condition",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.261596"
},
{
"name": "VDB-261596 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.261596"
},
{
"name": "Submit #312410 | Bayerische Motoren Werke Aktiengesellschaft vsomeip 3.4.10 Concurrency Bug",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.312410"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/COVESA/vsomeip/issues/663"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/COVESA/vsomeip/files/14904610/details.zip"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vsomeip",
"vendor": "COVESA",
"versions": [
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.4.2"
},
{
"status": "affected",
"version": "3.4.3"
},
{
"status": "affected",
"version": "3.4.4"
},
{
"status": "affected",
"version": "3.4.5"
},
{
"status": "affected",
"version": "3.4.6"
},
{
"status": "affected",
"version": "3.4.7"
},
{
"status": "affected",
"version": "3.4.8"
},
{
"status": "affected",
"version": "3.4.9"
},
{
"status": "affected",
"version": "3.4.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xuguosheng (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in COVESA vsomeip up to 3.4.10. Affected by this issue is some unknown functionality. The manipulation leads to race condition. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261596."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in COVESA vsomeip bis 3.4.10 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion. Mittels dem Manipulieren mit unbekannten Daten kann eine race condition-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.2,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T18:00:08.395Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-261596 | COVESA vsomeip race condition",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.261596"
},
{
"name": "VDB-261596 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.261596"
},
{
"name": "Submit #312410 | Bayerische Motoren Werke Aktiengesellschaft vsomeip 3.4.10 Concurrency Bug",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.312410"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/COVESA/vsomeip/issues/663"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/COVESA/vsomeip/files/14904610/details.zip"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-19T15:00:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "COVESA vsomeip race condition"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3979",
"datePublished": "2024-04-19T18:00:08.395Z",
"dateReserved": "2024-04-19T12:42:20.228Z",
"dateUpdated": "2024-08-01T20:26:57.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36321 (GCVE-0-2023-36321)
Vulnerability from cvelistv5 – Published: 2023-10-17 00:00 – Updated: 2024-08-02 16:45
VLAI?
Summary
Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discovered to contain a buffer overflow via the component /shared/dlt_common.c.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:covesa:dlt-daemon:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dlt-daemon",
"vendor": "covesa",
"versions": [
{
"lessThan": "2.18.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-36321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T20:28:29.455261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T20:28:33.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:45:56.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/michael-methner/dlt-daemon/commit/8ac9a080bee25e67e49bd138d81c992ce7b6d899"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/COVESA/dlt-daemon/issues/436"
},
{
"name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3845-1] dlt-daemon security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discovered to contain a buffer overflow via the component /shared/dlt_common.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T18:05:59.754745",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/michael-methner/dlt-daemon/commit/8ac9a080bee25e67e49bd138d81c992ce7b6d899"
},
{
"url": "https://github.com/COVESA/dlt-daemon/issues/436"
},
{
"name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3845-1] dlt-daemon security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-36321",
"datePublished": "2023-10-17T00:00:00",
"dateReserved": "2023-06-21T00:00:00",
"dateUpdated": "2024-08-02T16:45:56.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26257 (GCVE-0-2023-26257)
Vulnerability from cvelistv5 – Published: 2023-02-27 00:00 – Updated: 2024-08-02 11:46
VLAI?
Summary
An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:covesa:dlt-daemon:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dlt-daemon",
"vendor": "covesa",
"versions": [
{
"lessThanOrEqual": "2.18.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26257",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T14:01:25.500802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T14:09:50.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:23.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/COVESA/dlt-daemon/issues/440"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/COVESA/dlt-daemon/pull/441/commits/b6149e203f919c899fefc702a17fbb78bdec3700"
},
{
"name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3845-1] dlt-daemon security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T18:06:02.878118",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/COVESA/dlt-daemon/issues/440"
},
{
"url": "https://github.com/COVESA/dlt-daemon/pull/441/commits/b6149e203f919c899fefc702a17fbb78bdec3700"
},
{
"name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3845-1] dlt-daemon security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26257",
"datePublished": "2023-02-27T00:00:00",
"dateReserved": "2023-02-21T00:00:00",
"dateUpdated": "2024-08-02T11:46:23.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}