漏洞标题
N/A
漏洞描述信息
在康力德 AG 的阿尔派 Infineon S-Gold 2 (PMB 8876)芯片上,发现了基于栈的缓冲区溢出问题,在2009年至2010年期间生产的宝马有几种车型,福特生产了有限的P-HEV车辆,finiti 2013 JX35,finiti 2014-2016 QX60,finiti 2014-2016 QX60 Hybrid,finiti 2014-2015 QX50,finiti 2014-2015 QX50 Hybrid,finiti 2013 M37/M56,finiti 2014-2016 Q70,finiti 2014-2016 Q70L,finiti 2015-2016 Q70 Hybrid,finiti 2013 QX56,finiti 2014-2016 QX 80,和Nissan 2011-2015 Leaf。具有与HCU物理连接的攻击者可能会利用AT命令处理中的缓冲区溢出条件。这可能导致HCU基带射频处理器上的任意代码执行。
CVSS信息
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. An attacker with a physical connection to the TCU may exploit a buffer overflow condition that exists in the processing of AT commands. This may allow arbitrary code execution on the baseband radio processor of the TCU.
CVSS信息
N/A
漏洞类别
栈缓冲区溢出
漏洞标题
Continental AG Infineon S-Gold 2 (PMB 8876) chipset 缓冲区错误漏洞
漏洞描述信息
Continental AG Infineon S-Gold 2 (PMB 8876) chipset是德国Continental AG(Conti)公司生产的一个应用在汽车中的远程信息处理控制单元。 Continental AG Infineon S-Gold 2 (PMB 8876) chipset中的telematics control modules (TCUs)存在基于栈的缓冲区溢出漏洞。攻击者可通过连接TCU利用该漏洞执行任意代码。以下汽车型号受到影响:BMW several models p
CVSS信息
N/A
漏洞类别
缓冲区错误