CVE-2020-27524
Summary
| CVE | CVE-2020-27524 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-11-11 15:15:00 UTC |
| Updated | 2020-12-30 15:12:00 UTC |
| Description | On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services. |
Risk And Classification
Problem Types: CWE-134
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Audi | A7 | - | All | All | All |
| Hardware | Audi | A7 | - | All | All | All |
| Application | Audi | Mmi Multiplayer | n\+r_cn_au_p0395 | All | All | All |
| Application | Audi | Mmi Multiplayer | n\+r_cn_au_p0395 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Kevin2600 auf Twitter: "There was CVE-2020-16142 for Benz and CVE-2017-9212 for BMW. Now I present you, Audi. Because why not ???? https://t.co/JnkGeTgw9x… https://t.co/vZZHv6mCBj" | MISC | twitter.com | Third Party Advisory |
| Audi A7 MMI Format Strings Specifiers handling Vuln - YouTube | MISC | www.youtube.com | Exploit, Third Party Advisory |
| Tiger-Team-1337: Audi A7 2014 MMI Mishandles the Format-string Specifiers | MISC | tiger-team-1337.blogspot.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.