CVE-2023-34401

Name of the Vulnerable Software and Affected Versions Mercedes-Benz head-unit NTG6 (affected versions not specified)

Description The issue is related to the import or export of profile settings over USB in the Mercedes-Benz head-unit NTG6. A file within the profile folder is encoded with a proprietary UD2 codec. Due to missing size checks in the enapsulate file, an attacker can achieve an Out-of-Bound Read in heap memory. Additionally, there is a buffer overflow vulnerability in the libspeech service of the Mercedes-Benz User Experience (MBUX) system when processing UD2 format files, which can allow an attacker to cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.