CVE-2023-26257

HIGH

COVESA dlt-daemon <2.18.8 - Memory Corruption

Title source: llm

Description

An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.

References (3)

[Exploit] https://github.com/COVESA/dlt-daemon/issues/440

[Patch] https://github.com/COVESA/dlt-daemon/pull/441/commits/b6149e203f919c899fefc702a17fbb78bdec3700

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html

Scores

CVSS v3 7.5

EPSS 0.0042

EPSS Percentile 61.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (1)

covesa/dlt-daemon < 2.18.8

Timeline

Published Feb 27, 2023

Tracked Since Feb 18, 2026