Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside profile folder there is a file, which is encoded with proprietary UD2 codec. Due to missed size checks in the enapsulate file, attacker can achieve Out-of-Bound Read in heap memory.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Mercedes-benz |
|
Configuration 1 [-]
|
No data.
References
History
Fri, 27 Jun 2025 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mercedes-benz
Mercedes-benz headunit Ntg6 Mercedes-benz User Experience |
|
| CPEs | cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Mercedes-benz
Mercedes-benz headunit Ntg6 Mercedes-benz User Experience |
Tue, 18 Mar 2025 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-125 | |
| Metrics |
cvssV3_1
|
Thu, 13 Feb 2025 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside profile folder there is a file, which is encoded with proprietary UD2 codec. Due to missed size checks in the enapsulate file, attacker can achieve Out-of-Bound Read in heap memory. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2025-02-13T00:00:00.000Z
Updated: 2025-03-18T16:08:57.621Z
Reserved: 2023-06-05T00:00:00.000Z
Link: CVE-2023-34401
Vulnrichment
Updated: 2025-02-19T17:00:53.309Z
NVD
Status : Analyzed
Published: 2025-02-13T23:15:08.867
Modified: 2025-06-27T16:12:44.720
Link: CVE-2023-34401
Redhat
No data.