CVE-2020-36244

moderate-risk
Published 2021-02-10

The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6).

Do I need to act?

~
2.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 22715aeceaa81ace2c832312529bde3a42d0814f
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Diagnostic Log And Trace

Affected Vendors

Debian Genivi

References (8)

Patch https://github.com/GENIVI/dlt-daemon/compare/v2.18.5...v2.18.6
Third Party Advisory https://github.com/GENIVI/dlt-daemon/issues/265
Patch https://lists.debian.org/debian-lts-announce/2022/12/msg00016.html
Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsa-21-147-01
Patch https://github.com/GENIVI/dlt-daemon/compare/v2.18.5...v2.18.6
Third Party Advisory https://github.com/GENIVI/dlt-daemon/issues/265
Patch https://lists.debian.org/debian-lts-announce/2022/12/msg00016.html
Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsa-21-147-01
45
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 6/34 · Minimal
Exposure 7/34 · Low