CVE-2021-29507
dlt-daemon could crash if there is special character in dlt.conf
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.7EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
28 May 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vulnerable component to crash. All the applications which are using the configuration file could fail to generate their dlt logs in system. As of time of publication, no patch exists. As a workaround, one may check the integrity of information in configuration file manually.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Affected products
GENIVI · dlt-daemon