CVE-2020-29394
Last modified
CVE-2020-29394 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).. EPSS estimates a 1.86% chance of exploitation in the next 30 days.
Description
A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Genivi | Diagnostic Log And Trace | <= 2.18.5 |
| Debian | Debian Linux | 10.0 |
References
- https://github.com/GENIVI/dlt-daemon/issues/274Exploit, Patch, Third Party Advisory
- https://github.com/GENIVI/dlt-daemon/pull/275Patch, Third Party Advisory
- https://github.com/GENIVI/dlt-daemon/pull/288Patch, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/12/msg00016.htmlMailing List, Third Party Advisory
- https://github.com/GENIVI/dlt-daemon/issues/274Exploit, Patch, Third Party Advisory
- https://github.com/GENIVI/dlt-daemon/pull/275Patch, Third Party Advisory
- https://github.com/GENIVI/dlt-daemon/pull/288Patch, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/12/msg00016.htmlMailing List, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-29394?
How severe is CVE-2020-29394?
How do I fix CVE-2020-29394?
Are you affected by CVE-2020-29394?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST