CNNVD-202506-3643 Information
CNNVD ID
CNNVD-202506-3643
Related CVE
- CNNVD Published: 2025-06-28
Description (Chinese)
Volkswagen MIB3 Infotainment是德国大众汽车(Volkswagen)公司的一款汽车上的信息娱乐系统。 Volkswagen MIB3 Infotainment存在安全漏洞,该漏洞源于蓝牙栈中缺乏对用户提供数据的适当验证,可能导致接收分段HCI数据包时发生整数溢出,进而导致缓冲区溢出和远程代码执行。
Description (English)
Volkswagen MIB3 Information is an information and entertainment system in a car owned by Volkswagen. There is a security loophole in Volkswagen MIB3 Information, which stems from the lack of proper validation of data provided by users in the Bluetooth Dam, which could lead to an integer spill when the HCI package is received, leading to a buffer zone spill and remote code implementation.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
大众汽车
Published
2025-06-28
Last Modified
2026-02-24
References
https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/ https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2 https://access.redhat.com/security/cve/cve-2023-28909
Patch
https://www.volkswagen.co.uk/en.html
Share on: