CVE-2023-28909
BaseFortify
Publication date: 2025-06-28
Last updated on: 2025-06-30
Assigner: Automotive Security Research Group (ASRG)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the Bluetooth stack of the MIB3 unit, caused by improper validation of user-supplied data. It leads to an integer overflow when receiving fragmented HCI packets on a channel. An attacker can exploit this to bypass the MTU check on a channel with fragmentation enabled, causing a buffer overflow in upper layer profiles, which may allow remote code execution.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to execute remote code on the affected MIB3 unit by exploiting the buffer overflow caused by bypassing the MTU check. This can lead to unauthorized control or compromise of the system using the Bluetooth stack.