Vulnerability Description
A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Genivi | Diagnostic Log And Trace | <= 2.18.5 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://github.com/GENIVI/dlt-daemon/issues/274ExploitPatchThird Party Advisory
- https://github.com/GENIVI/dlt-daemon/pull/275PatchThird Party Advisory
- https://github.com/GENIVI/dlt-daemon/pull/288PatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/12/msg00016.htmlMailing ListThird Party Advisory
- https://github.com/GENIVI/dlt-daemon/issues/274ExploitPatchThird Party Advisory
- https://github.com/GENIVI/dlt-daemon/pull/275PatchThird Party Advisory
- https://github.com/GENIVI/dlt-daemon/pull/288PatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/12/msg00016.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2020-29394?
CVE-2020-29394 is a vulnerability with a CVSS score of 7.8 (HIGH). A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit o...
How severe is CVE-2020-29394?
CVE-2020-29394 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-29394?
Check the references section above for vendor advisories and patch information. Affected products include: Genivi Diagnostic Log And Trace, Debian Debian Linux.