CVE-2022-31291

Name of the Vulnerable Software and Affected Versions dlt-daemon version 2.18.8

Description An issue in the dlt config file parser.c file allows attackers to cause a double free via crafted TCP packets. This can be exploited by sending specifically crafted packets to the affected system.

Recommendations For dlt-daemon version 2.18.8, consider restricting access to the dlt config file parser.c function until a patch is available. As a temporary workaround, avoid using the affected function to parse configuration files from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.