Kaspersky Advisory

(K-Mercedes-Benz-2023-004) Integer overflow in boost library


Type

Integer overflow

Vendor

HARMAN Becker Automotive Systems GmbH

Affected products

Mercedes Benz NTG 6

CVSS v3 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS v3 Score

5.5 medium

CVE ID

CVE-2023-34399

Vulnerability description

The NTG6 head unit contains functions to import or export profile settings over USB. Some values in this table are stored as archives serialized with the boost library. The version of the boost library in use contains an integer overflow vulnerability.

Remediation

Apply updates per vendor instructions.

Acknowledgements

Vulnerability was discovered by Radu Motspan (Kaspersky).

References

https://github.com/klsecservices/Advisories/blob/master/K-Mercedes-Benz-2023-004.md

Report EN: https://securelist.com/mercedes-benz-head-unit-security-research/115218/

Report RU: https://securelist.ru/mercedes-benz-head-unit-security-research/111516/

https://github.com/klsecservices/Publications/blob/master/Mercedes-Benz_Head_Unit_security_research_report.pdf