Описание
An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
EPSS
4.6 Medium
CVSS3
Дефекты
Связанные уязвимости
An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.
Уязвимость функций CHBString::const_iterator::incrementSteps() и CHBString::remove() службы UserData системы мультимедиа Mercedes-Benz User Experience (MBUX), позволяющая нарушителю вызвать отказ в обслуживании
EPSS
4.6 Medium
CVSS3