cnvd - cnvd-2025-14982

CNVD-2025-14982

Vulnerability from cnvd - Published: 2025-07-01

Title

SONY XAV-AX5500栈缓冲区溢出漏洞（CNVD-2025-14982）

Description

SONY XAV-AX5500是一款7英寸车载中控设备，具有多种功能和先进的技术特点。 SONY XAV-AX5500存在栈缓冲区溢出漏洞，该漏洞源于Apple CarPlay协议的实现中，攻击者可利用该漏洞执行任意代码。

Severity

高

Patch Name

SONY XAV-AX5500栈缓冲区溢出漏洞（CNVD-2025-14982）的补丁

Patch Description

SONY XAV-AX5500是一款7英寸车载中控设备，具有多种功能和先进的技术特点。 SONY XAV-AX5500存在栈缓冲区溢出漏洞，该漏洞源于Apple CarPlay协议的实现中，攻击者可利用该漏洞执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级程序修复该安全问题，详情见厂商官网： https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax5500/software/00274156

Reference

https://www.zerodayinitiative.com/advisories/ZDI-24-877/

Impacted products

Name
SONY XAV-AX5500

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-23933",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-23933"
    }
  },
  "description": "SONY XAV-AX5500\u662f\u4e00\u6b3e7\u82f1\u5bf8\u8f66\u8f7d\u4e2d\u63a7\u8bbe\u5907\uff0c\u5177\u6709\u591a\u79cd\u529f\u80fd\u548c\u5148\u8fdb\u7684\u6280\u672f\u7279\u70b9\u3002\n\nSONY XAV-AX5500\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eApple CarPlay\u534f\u8bae\u7684\u5b9e\u73b0\u4e2d\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax5500/software/00274156",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-14982",
  "openTime": "2025-07-01",
  "patchDescription": "SONY XAV-AX5500\u662f\u4e00\u6b3e7\u82f1\u5bf8\u8f66\u8f7d\u4e2d\u63a7\u8bbe\u5907\uff0c\u5177\u6709\u591a\u79cd\u529f\u80fd\u548c\u5148\u8fdb\u7684\u6280\u672f\u7279\u70b9\u3002\r\n\r\nSONY XAV-AX5500\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eApple CarPlay\u534f\u8bae\u7684\u5b9e\u73b0\u4e2d\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SONY XAV-AX5500\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2025-14982\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "SONY XAV-AX5500"
  },
  "referenceLink": "https://www.zerodayinitiative.com/advisories/ZDI-24-877/",
  "serverity": "\u9ad8",
  "submitTime": "2024-07-01",
  "title": "SONY XAV-AX5500\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2025-14982\uff09"
}

CVE-2024-23933 (GCVE-0-2024-23933)

Vulnerability from cvelistv5 – Published: 2024-09-23 14:12 – Updated: 2025-08-26 20:58

Summary

Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23238

Severity ?

6.8 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

ASRG

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-…	x_research-advisory
	https://www.sony.com/electronics/support/mobile-c…	vendor-advisory

Impacted products

	Vendor	Product	Version
	Sony	XAV-AX5500	Affected: 1.13

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "PHYSICAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23933",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-23T14:35:34.432356Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T20:58:21.507Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "XAV-AX5500",
          "vendor": "Sony",
          "versions": [
            {
              "status": "affected",
              "version": "1.13"
            }
          ]
        }
      ],
      "dateAssigned": "2024-06-14T23:05:00.000Z",
      "datePublic": "2024-06-22T00:01:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of \tSony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability.\u003c/p\u003e\u003cp\u003eThe specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.\u003c/p\u003e\u003cp\u003eWas ZDI-CAN-23238\u003c/p\u003e"
            }
          ],
          "value": "Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of \tSony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.\n\nWas ZDI-CAN-23238"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-23T14:12:38.125Z",
        "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "shortName": "ASRG"
      },
      "references": [
        {
          "name": "ZDI-24-877",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-877/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax5500/software/00274156"
        }
      ],
      "source": {
        "discovery": "EXTERNAL",
        "lang": "en",
        "value": "Midnight Blue / PHP Hooligans"
      },
      "title": "Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
    "assignerShortName": "ASRG",
    "cveId": "CVE-2024-23933",
    "datePublished": "2024-09-23T14:12:38.125Z",
    "dateReserved": "2024-01-23T21:45:30.919Z",
    "dateUpdated": "2025-08-26T20:58:21.507Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-14982

CVE-2024-23933 (GCVE-0-2024-23933)

Tags

Sightings

Nomenclature