Headline
CVE-2023-36321: Check for negative index in dlt_file_message · michael-methner/dlt-daemon@8ac9a08
Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discovered to contain a buffer overflow via the component /shared/dlt_common.c.
Expand Up @@ -1718,7 +1718,7 @@ DltReturnValue dlt_file_message(DltFile *file, int index, int verbose) return DLT_RETURN_WRONG_PARAMETER;
/* check if message is in range */ if (index >= file->counter) { if (index < 0 || index >= file->counter) { dlt_vlog(LOG_WARNING, "Message %d out of range!\r\n", index); return DLT_RETURN_WRONG_PARAMETER; } Expand Down
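Review bot: the combined condition `index < 0 || index >= file->counter` reports both failures through the same "Message %d out of range!" warning, which never states the upper bound; consider logging `file->counter` alongside `index` so that a rejected negative index can be told apart from an overrun at the end of the file during triage. The lower-bound check is right for a signed `int index` parameter, but the declaration of `file->counter` is not visible in this hunk, so confirm it is a signed type and that the comparison does not rely on an implicit signed-to-unsigned conversion. It is also worth checking whether other functions that take an `int index` into the same `DltFile` need the same `index < 0` guard, since this hunk only covers `dlt_file_message`.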