CVE-2021-29507 - Vulnerability Details - OpenCVE

GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vulnerable component to crash. All the applications which are using the configuration file could fail to generate their dlt logs in system. As of time of publication, no patch exists. As a workaround, one may check the integrity of information in configuration file manually.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Genivi	Diagnostic Log And Trace

Configuration 1 [-]

cpe:2.3:a:genivi:diagnostic_log_and_trace:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-05-28T21:00:16

Updated: 2024-08-03T22:11:05.507Z

Reserved: 2021-03-30T00:00:00

Link: CVE-2021-29507

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-05-28T21:15:08.757

Modified: 2024-11-21T06:01:16.337

Link: CVE-2021-29507

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "dlt-daemon", "vendor": "GENIVI", "versions": [{"status": "affected", "version": "> 2.10.0, <= 2.18.6"}]}], "descriptions": [{"lang": "en", "value": "GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vulnerable component to crash. All the applications which are using the configuration file could fail to generate their dlt logs in system. As of time of publication, no patch exists. As a workaround, one may check the integrity of information in configuration file manually."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-04T15:45:44", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f"}], "source": {"advisory": "GHSA-7cqp-2hqj-mh3f", "discovery": "UNKNOWN"}, "title": "dlt-daemon could crash if there is special character in dlt.conf", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-29507", "STATE": "PUBLIC", "TITLE": "dlt-daemon could crash if there is special character in dlt.conf"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "dlt-daemon", "version": {"version_data": [{"version_value": "> 2.10.0, <= 2.18.6"}]}}]}, "vendor_name": "GENIVI"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vulnerable component to crash. All the applications which are using the configuration file could fail to generate their dlt logs in system. As of time of publication, no patch exists. As a workaround, one may check the integrity of information in configuration file manually."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20: Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f", "refsource": "CONFIRM", "url": "https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f"}]}, "source": {"advisory": "GHSA-7cqp-2hqj-mh3f", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T22:11:05.507Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-29507", "datePublished": "2021-05-28T21:00:16", "dateReserved": "2021-03-30T00:00:00", "dateUpdated": "2024-08-03T22:11:05.507Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:genivi:diagnostic_log_and_trace:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA5FEB4C-1A0C-48F7-B33F-E552FCC193EB", "versionEndIncluding": "2.18.6", "versionStartIncluding": "2.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vulnerable component to crash. All the applications which are using the configuration file could fail to generate their dlt logs in system. As of time of publication, no patch exists. As a workaround, one may check the integrity of information in configuration file manually."}, {"lang": "es", "value": "GENIVI Diagnostic Log and Trace (DLT) proporciona una interfaz de registro y seguimiento. En las versiones de GENIVI DLT comprendidas entre la versi\u00f3n 2.10.0 y la versi\u00f3n 2.18.6, un archivo de configuraci\u00f3n que contenga los caracteres especiales podr\u00eda provocar el fallo de un componente vulnerable. Todas las aplicaciones que utilizan el archivo de configuraci\u00f3n podr\u00edan no generar sus registros dlt en el sistema. En el momento de la publicaci\u00f3n, no existe ning\u00fan parche. Como soluci\u00f3n, se puede comprobar manualmente la integridad de la informaci\u00f3n en el archivo de configuraci\u00f3n"}], "id": "CVE-2021-29507", "lastModified": "2024-11-21T06:01:16.337", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-28T21:15:08.757", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}