CVE-2022-39837
Published: 25 October 2022
Summary
CVE-2022-39837 is a medium-severity NULL Pointer Dereference (CWE-476) vulnerability in Genivi Diagnostic Log And Trace. Its CVSS base score is 5.5 (Medium).
Operationally, ranked at the 31.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-42282
Vulnerability details
An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is…
more
a NULL pointer dereference,
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.