CVE-2023-34400: Null Pointer Dereference
The Mercedes-Benz NTG6 head unit contains functions to import or export profile settings over USB. When parsing a file, the service tries to locate the header inside the file and convert it to a null-terminated string. If the expected character is missing, a null pointer is returned.
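The bug class described above, as an added C illustration that is not NTG6 code: a header search whose result is used unchecked, next to a form that rejects the file when the delimiter is absent. The function names, the `'\n'` delimiter and the sample inputs are assumptions, since the advisory does not publish the file format.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HDR_END '\n'  /* assumed delimiter; the advisory does not name the character */

/* Unchecked pattern: memchr() returns NULL when the delimiter is absent,
 * and the write through `end` then dereferences a null pointer. */
char *header_unchecked(char *buf, size_t len) {
    char *end = memchr(buf, HDR_END, len);
    *end = '\0';
    return buf;
}

/* Checked form: copies the header into out as a C string.
 * Returns 0 on success, -1 if the input is malformed or does not fit. */
int header_checked(const char *buf, size_t len, char *out, size_t out_sz) {
    if (buf == NULL || out == NULL || out_sz == 0)
        return -1;
    const char *end = memchr(buf, HDR_END, len);
    if (end == NULL)
        return -1;                     /* delimiter missing: reject the file */
    size_t n = (size_t)(end - buf);
    if (n >= out_sz)
        return -1;                     /* header longer than the destination */
    memcpy(out, buf, n);
    out[n] = '\0';
    return 0;
}

int main(void) {
    /* Constructed sample inputs, not real profile files. */
    const char good[] = "PROFILE1\nbody";
    const char bad[]  = "PROFILE1body";
    char hdr[16];
    printf("good: %d\n", header_checked(good, sizeof good - 1, hdr, sizeof hdr));
    printf("bad:  %d\n", header_checked(bad, sizeof bad - 1, hdr, sizeof hdr));
    return 0;
}
```

The checked form turns a malformed import into an error return the caller can handle, instead of a crash of the parsing service.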
Frequently Asked Questions
What is the severity of CVE-2023-34400?
The severity of CVE-2023-34400 is classified as medium due to its potential impact on the functionality of the Mercedes-Benz NTG6 head-unit.
How do I fix CVE-2023-34400?
To fix CVE-2023-34400, users should apply the latest software updates from Mercedes-Benz for the NTG6 head-unit.
What impact does CVE-2023-34400 have on the Mercedes-Benz NTG6?
CVE-2023-34400 could lead to a denial-of-service condition if the head-unit fails to properly handle malformed files during USB profile imports.
Is CVE-2023-34400 being actively exploited?
As of now, there are no confirmed reports of active exploitation of CVE-2023-34400.
What should I do if I suspect my vehicle is affected by CVE-2023-34400?
If you suspect your vehicle is affected by CVE-2023-34400, it is recommended to contact a Mercedes-Benz dealership for assistance and further guidance.