CVE-2023-28902

Denial of Service via integer underflow in picserver

CVSS 3.3 LOWEPSS 0.2%CWE-191

An integer underflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause denial-of-service of the infotainment system. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected products

Preh Car Connect GmbH (JOYNEXT GmbH) · Volkswagen MIB3 infotainment system MIB3 OI MQB

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2