dlt-daemon: fix CVE-2022-39836 and CVE-2022-39837 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2025-02-21 05:11:07 +0000
committer	Armin Kuster <akuster808@gmail.com>	2025-03-06 09:43:54 -0500
commit	92a5b3ebf07b3a5498cf8266ef6e64ea2e6d6b4c (patch)
tree	de72f767d1c0f5ffbe83f17c0e711ad3c9a9ec81 /meta-python/recipes-devtools/python/python3-automat
parent	5c9db7a2b078144b902411f1f45f04c0a1f677f2 (diff)
download	meta-openembedded-92a5b3ebf07b3a5498cf8266ef6e64ea2e6d6b4c.tar.gz

dlt-daemon: fix CVE-2022-39836 and CVE-2022-39837

CVE-2022-39836: An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte. CVE-2022-39837: An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-39836 https://nvd.nist.gov/vuln/detail/CVE-2022-39837 Upstream patch: https://github.com/COVESA/dlt-daemon/commit/855e0017a980d2990c16f7dbf3b4983b48fac272 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-automat')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: