GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface.
In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file
containing the special characters could cause a vulnerable component to
crash. All the applications which are using the configuration file could
fail to generate their dlt logs in system. As of time of publication, no
patch exists. As a workaround, one may check the integrity of information
in configuration file manually.
{"id": "UB:CVE-2021-29507", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2021-29507", "description": "GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface.\nIn versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file\ncontaining the special characters could cause a vulnerable component to\ncrash. All the applications which are using the configuration file could\nfail to generate their dlt logs in system. As of time of publication, no\npatch exists. As a workaround, one may check the integrity of information\nin configuration file manually.", "published": "2021-05-28T00:00:00", "modified": "2021-05-28T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.0}, "severity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://ubuntu.com/security/CVE-2021-29507", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29507", "https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f", "https://nvd.nist.gov/vuln/detail/CVE-2021-29507", "https://launchpad.net/bugs/cve/CVE-2021-29507", "https://security-tracker.debian.org/tracker/CVE-2021-29507"], "cvelist": ["CVE-2021-29507"], "immutableFields": [], "lastseen": "2022-10-26T13:33:41", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-29507"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-29507"]}], "rev": 4}, "score": {"value": 4.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-29507"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-29507"]}]}, "exploitation": null, "vulnersScore": 4.0}, "_state": {"dependencies": 1666791329, "score": 1666791225}, "_internal": {"score_hash": "8e1100a1c588d25527f17586357cf343"}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "20.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "dlt-daemon"}, {"OS": "ubuntu", "OSVersion": "22.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "dlt-daemon"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "dlt-daemon"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "dlt-daemon"}], "bugs": []}
{"cve": [{"lastseen": "2022-08-02T18:49:18", "description": "GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vulnerable component to crash. All the applications which are using the configuration file could fail to generate their dlt logs in system. As of time of publication, no patch exists. As a workaround, one may check the integrity of information in configuration file manually.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-28T21:15:00", "type": "cve", "title": "CVE-2021-29507", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29507"], "modified": "2022-08-02T15:59:00", "cpe": ["cpe:/a:genivi:diagnostic_log_and_trace:2.18.6"], "id": "CVE-2021-29507", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29507", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:genivi:diagnostic_log_and_trace:2.18.6:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-01-16T06:07:15", "description": "GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vulnerable component to crash. All the applications which are using the configuration file could fail to generate their dlt logs in system. As of time of publication, no patch exists. As a workaround, one may check the integrity of information in configuration file manually.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-28T21:15:00", "type": "debiancve", "title": "CVE-2021-29507", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29507"], "modified": "2021-05-28T21:15:00", "id": "DEBIANCVE:CVE-2021-29507", "href": "https://security-tracker.debian.org/tracker/CVE-2021-29507", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}]}
CVE-2021-29507
