Vanetza V2X Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in Vanetza V2X version 26.02. It allows remote, unauthorized attackers to crash the V2X receiver by sending malformed V2X messages. The vulnerability arises in the GeoNetworking packet processing pipeline, where OpenSSL exceptions related to Elliptic Curve Cryptography (ECC) point validation are not properly handled. As a result, the exceptions propagate uncaught through the processing stages, and the process crashes when std::terminate is called.
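The failure mode described above, as an added example that is not Vanetza's code: an exception thrown by a point check escapes the receive path, next to a receive boundary that converts it into a packet drop. All names are hypothetical, and validate_point is a stand-in that checks only the SEC1 encoding of a P-256 point rather than calling OpenSSL.

```cpp
#include <cstdint>
#include <exception>
#include <iostream>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<std::uint8_t>;
enum class Verdict { Accepted, DroppedInvalidKey };

// Stand-in (assumption) for the OpenSSL-backed ECC point check. It only checks
// the encoding (prefix byte and length) and throws on failure.
void validate_point(const Bytes& p) {
    const bool compressed = p.size() == 33 && (p[0] == 0x02 || p[0] == 0x03);
    const bool uncompressed = p.size() == 65 && p[0] == 0x04;
    if (!compressed && !uncompressed)
        throw std::runtime_error("EC point validation failed");
}

// Before: nothing between the radio and the crypto call catches the exception.
// If no caller has a handler either, the runtime calls std::terminate.
Verdict process_unhandled(const Bytes& key) {
    validate_point(key);
    return Verdict::Accepted;
}

// After: the receive boundary turns any validation failure into a drop, so
// untrusted input can never unwind past this function.
Verdict process_hardened(const Bytes& key) noexcept {
    try {
        validate_point(key);
        return Verdict::Accepted;
    } catch (...) {
        return Verdict::DroppedInvalidKey;
    }
}

// Reports whether the unhandled path lets the exception reach its caller.
bool escapes_unhandled(const Bytes& key) {
    try { process_unhandled(key); return false; }
    catch (const std::exception&) { return true; }
}

int main() {
    Bytes good(33, 0x11); good[0] = 0x02;  // constructed: well-formed encoding
    Bytes bad(33, 0x11);  bad[0] = 0x07;   // constructed: invalid prefix byte
    std::cout << escapes_unhandled(bad) << ' '
              << (process_hardened(bad) == Verdict::DroppedInvalidKey) << ' '
              << (process_hardened(good) == Verdict::Accepted) << '\n';
}
```

In a real receiver the drop would also be counted and logged, so that a burst of invalid keys shows up in monitoring instead of as a process restart.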
Impact
Exploitation of this vulnerability causes a hard crash of the V2X receiver, disrupting the processing of Cooperative Intelligent Transportation System (C-ITS) messages. This outage eliminates cooperative awareness in Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) deployments for the duration of the attack.
Reproduction
The vulnerability can be reproduced by sending crafted ETSI ITS payloads, such as Cooperative Awareness Messages (CAM) or Decentralized Environmental Notification Messages (DENM), that include invalid GeoNetworking headers. These malformed messages can be broadcast over the air by any node within radio range or by injecting raw 802.11p frames.
