CVE-2023-34399: Integer Overflow
First published: Thu Feb 13 2025(Updated: )
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The version of boost library contains vulnerability integer overflow.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mercedes-benz Headunit NTG6 | ||
| Boost |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-34399?
CVE-2023-34399 is classified as a high severity vulnerability due to the potential for integer overflow exploitation.
How do I fix CVE-2023-34399?
To fix CVE-2023-34399, apply the latest security patches from Mercedes-Benz for the NTG6 head-unit and ensure the Boost library is updated to a secure version.
What products are affected by CVE-2023-34399?
CVE-2023-34399 affects the Mercedes-Benz NTG6 head-unit as well as specific versions of the Boost library that contain the vulnerability.
What are the consequences of CVE-2023-34399?
Exploitation of CVE-2023-34399 could allow attackers to corrupt memory and potentially execute arbitrary code within the affected systems.
Is there a workaround for CVE-2023-34399?
Currently, the best approach for CVE-2023-34399 is to avoid using the USB import or export functionality until an official fix is available.
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/first-publish-date
- agent/severity
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mercedes-benz
- canonical/mercedes-benz headunit ntg6
- vendor/boost
- canonical/boost