CVE-2023-28903
3.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Preh Car Connect GmbH (JOYNEXT GmbH) | Volkswagen MIB3 infotainment system MIB3 OI MQB | 0 <= 0304 | affected |
Weaknesses
- CWE-190: CWE-190 Integer Overflow or Wraparound
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf
- https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2
- https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.