Summary
A buffer overflow vulnerability exists in the DLT_MSG_READ_STRING function called by the dlt_message_argument_print function.
NULL byte overflow occurs when copying a string of DLT_CONVERT_TEXTBUFSIZE (10024) length.
Details
Execute dlt-convert with the -a argument, using a DLT file containing a string of length DLT_CONVERT_TEXTBUFSIZE.
The functions are called in the following sequence:
dlt_message_payload
->dlt_message_argument_print
->DLT_MSG_READ_STRING
(https://github.com/COVESA/dlt-daemon/blob/master/include/dlt/dlt_common.h#L323)
Test environment
Attachment
Attachment.zip
Attaching the DLT file capable of triggering the vulnerability and the ASAN report.
The vulnerability can be reproduced by executing the command dlt-convert -a ./poc.dlt.
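The off-by-one behind a NULL byte overflow of this kind, as an added example that is not code from the dlt-daemon project or from the reporter: a bounds check that accepts a string as long as the destination buffer, beside a check that reserves room for the terminator. The function names and the weak check are assumptions that model the reported behaviour; only the 10024 buffer size comes from the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define TEXTBUFSIZE 10024 /* DLT_CONVERT_TEXTBUFSIZE value quoted in the report */

typedef int (*reader_fn)(char *, size_t, const char *, size_t, size_t);

/* Assumed weak check (hypothetical, not the project's macro): only
 * length > dstlen is rejected, so length == dstlen passes and the
 * terminator is written to dst[dstlen], one byte past the buffer. */
static int read_string_weak(char *dst, size_t dstlen,
                            const char *src, size_t srclen, size_t length)
{
    if (length == 0 || dstlen < length || srclen < length)
        return -1;
    memcpy(dst, src, length);
    dst[length] = '\0';
    return 0;
}

/* Hardened form: the copy needs length + 1 bytes, so length must be
 * strictly smaller than the destination size. */
static int read_string_checked(char *dst, size_t dstlen,
                               const char *src, size_t srclen, size_t length)
{
    if (length == 0 || length >= dstlen || srclen < length)
        return -1;
    memcpy(dst, src, length);
    dst[length] = '\0';
    return 0;
}

/* Gives the reader a TEXTBUFSIZE-byte destination backed by one extra guard
 * byte, so the stray write stays inside the real allocation. Returns 1 if hit. */
static int guard_clobbered(reader_fn reader, size_t length)
{
    static char backing[TEXTBUFSIZE + 1];
    static char payload[TEXTBUFSIZE]; /* constructed sample input */
    memset(payload, 'A', sizeof payload);
    memset(backing, 0x55, sizeof backing);
    reader(backing, TEXTBUFSIZE, payload, sizeof payload, length);
    return backing[TEXTBUFSIZE] != 0x55;
}

int main(void)
{
    printf("length %d: weak=%d checked=%d\n", TEXTBUFSIZE,
           guard_clobbered(read_string_weak, TEXTBUFSIZE),
           guard_clobbered(read_string_checked, TEXTBUFSIZE));
    return 0;
}
```

Without the guard byte, the same write is what AddressSanitizer reports as a one-byte overflow of the destination buffer.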