CVE-2022-39836 COVESA dlt-daemon through 2.18.8 has a file parser bug that can be exploited to crash the process.

As PDOS is a cross-platform application, the heap-based buffer over-read may happen on different distributions with different configurations.

In order to exploit this issue, an attacker needs to deliver the crafted DLT file to the victim via email, chat, file-sharing, etc.

Moreover, there is no authentication or authorization process in place for accessing the PDOS application. Hence, an attacker can start the PDOS process on the system and launch the crafted DLT file. As PDOS does not validate the DLT file itself, this will result in a heap-based buffer over-read.

Exploitation of this issue may also result in a Denial of Service (DoS) condition.
This issue has been confirmed on PDOS versions 2.18.8, 2.18.9, 2.19.5, 2.20.3, 2.21.1.
This issue has been confirmed on PDOS versions 2.18.8, 2.18.9, 2.19.5, 2.20.3, 2.21.1.

An issue was discovered in WeChat through 1.0.0. WeChat is a messaging app developed by Tencent. This issue occurs due to a bug in WeChat’s security code. An attacker can create a crafted message in WeChat that will result in a remote code execution.

Exploit WeChat

The vulnerability is located in WeChat’s security code. As a result, an attacker can create a crafted message in WeChat that will result in a remote code execution. In order to exploit this issue, an attacker needs to deliver the crafted message to the victim via email, chat, file sharing, etc. Moreover, there are no authentication or authorization processes in place for accessing the WeChat application. Hence, an attacker can start the WeChat process on the system and launch the crafted message. The exploitation of this issue may also result in a Denial of Service (DoS) condition.

CVE-2019-5851
This issue occurs due to insufficient input validation on the headers when validating incoming packets from a peer or server during TLS handshake phase. An attacker can create a maliciously crafted packet with payloads such as “STANDARD” or “MESSAGE” which will cause an out-of-bounds write on stack memory allocated by tls_create_handshake_state(). This out-of-bound write will lead to remote code execution as it overwrites saved return address on stack and then executes it by calling system() function.

WeChat

Security Code
The following is a list of vulnerabilities that have been found in versions 1.0.0 through 1.1.14:

- CVE-2022-39836 - Heap-based buffer over-read on PDOS
- CVE-2020-81866 - Remote code execution on WeChat via message forwarding feature

This issue was discovered by Tencent Security Team (SC).

The issue

The issue occurs due to a bug in WeChat’s security code. An attacker can create a crafted message in WeChat that will result in a remote code execution.

Timeline

Published on: 10/25/2022 17:15:00 UTC
Last modified on: 10/27/2022 14:29:00 UTC

References

• https://seclists.org/fulldisclosure/2022/Sep/24
• https://sec-consult.com/vulnerability-lab/advisory/multiple-memory-corruption-vulnerabilities-in-covesa-dlt-daemon/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39836