Description

An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system.

PUBLISHED Reserved 2023-03-27 | Published 2025-06-28 | Updated 2025-06-30 | Assigner ASRG




LOW: 3.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Problem types

CWE-190 Integer Overflow or Wraparound

Product status

Default status: unaffected

Any version: affected

Credits

Artem Ivachev from PCA Cyber Security (PCAutomotive) finder

References

i.blackhat.com/...tations/EU-24-Parnishchev-OverTheAirVW.pdf exploit

pcacybersecurity.com/...rabilities-in-vw-mib3-infotainment-2 technical-description

asrg.io/...abilities-in-volkswagen-mib3-infotainment-part-2/ third-party-advisory

cve.org (CVE-2023-28903)

nvd.nist.gov (CVE-2023-28903)
