Mercedes-Benz NTG 6
cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:*:*:*:*:*:*:*
A heap buffer overflow vulnerability has been identified in the user data import/export function of Mercedes-Benz NTG 6 head units. This vulnerability requires local access to the USB interface of the vehicle. An attacker can exploit this issue by sending prepared data, causing the User-Data service to fail. Although the service instance will automatically restart, the failure can disrupt normal operation.
Exploitation of this vulnerability leads to a crash of the User-Data service, causing the system to freeze. This state can only be restored by performing a hard reset of the vehicle's Electronic Control Unit (ECU).
The vulnerability can be reproduced by importing a specially crafted user profile file through the USB interface. The 'UserData' service decodes the file, leading to a heap buffer overflow. This can be automated with a script that emulates the USB import process and includes the malicious payload.