{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/toyota/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["go-zserio"],"_cs_severities":["medium"],"_cs_tags":["memory-allocation","denial-of-service","go-zserio"],"_cs_type":"advisory","_cs_vendors":["Toyota"],"content_html":"\u003cp\u003eA critical vulnerability exists in the go-zserio library, a tool used for serializing data structures, specifically in versions prior to 0.9.1. The vulnerability stems from how the library handles deserialization of arrays, strings, and byte arrays (blobs). When processing these data types, go-zserio reads a size value directly from the input data stream and uses this value to allocate memory. Because the library trusts the provided size without proper validation, a malicious actor can craft a data file containing an extremely large size value. This causes the go-zserio runtime to allocate an excessive amount of memory, potentially exhausting system resources and resulting in a denial-of-service (DoS) condition. The vulnerable library could be integrated into any application that parses untrusted data using go-zserio.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious zserio data file containing an excessively large size value for an array, string, or blob field.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers the malicious data file to a vulnerable application that uses go-zserio for data deserialization. This could be achieved through various means, such as uploading the file to a server, sending it as an attachment, or including it in a network packet.\u003c/li\u003e\n\u003cli\u003eThe vulnerable application receives the malicious data file and attempts to deserialize it using the go-zserio library.\u003c/li\u003e\n\u003cli\u003eThe go-zserio library reads the large size value from the malicious data file.\u003c/li\u003e\n\u003cli\u003eBased on this untrusted size value, the go-zserio library attempts to allocate a large amount of memory to store the incoming data.\u003c/li\u003e\n\u003cli\u003eThe memory allocation request consumes significant system resources, potentially exhausting available memory.\u003c/li\u003e\n\u003cli\u003eThe system may become unresponsive or crash due to memory exhaustion.\u003c/li\u003e\n\u003cli\u003eThe application experiences a denial-of-service condition, becoming unavailable to legitimate users.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to a denial-of-service condition. The affected application becomes unavailable, impacting business operations and potentially causing data loss or corruption. The severity of the impact depends on the role and importance of the application within the organization\u0026rsquo;s infrastructure. It is not known how many organizations are affected by this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to go-zserio version 0.9.1 or later to patch the vulnerability.\u003c/li\u003e\n\u003cli\u003eImplement input validation to check the size of arrays, strings, and blobs before deserialization, preventing excessive memory allocation.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Large Memory Allocation\u003c/code\u003e to identify processes allocating unusually large amounts of memory, which may indicate exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor applications that use go-zserio for excessive memory consumption using system monitoring tools.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-11-01T12:00:00Z","date_published":"2024-11-01T12:00:00Z","id":"/briefs/2024-11-01-go-zserio-memory-allocation/","summary":"go-zserio versions prior to 0.9.1 are vulnerable to unbounded memory allocation when deserializing data, potentially leading to denial of service.","title":"go-zserio Unbounded Memory Allocation Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-11-01-go-zserio-memory-allocation/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Navigation Data Standard (NDS)","zserio-runtime"],"_cs_severities":["medium"],"_cs_tags":["zserio","denial-of-service","memory-allocation","nds"],"_cs_type":"advisory","_cs_vendors":["Toyota","BMW","Volkswagen","Mercedes-Benz"],"content_html":"\u003cp\u003eA critical vulnerability exists within the Zserio runtime library, a serialization framework used in various applications, including the Navigation Data Standard (NDS) for automotive systems. This flaw allows a malicious actor to trigger an unbounded memory allocation by providing a specially crafted input. A payload as small as 4-5 bytes can cause memory allocations of up to 16 GB, resulting in a denial-of-service (DoS) condition due to an out-of-memory (OOM) error. This issue affects Zserio versions 2.18.0 and earlier. The vulnerability stems from insufficient validation of the declared size of data structures during deserialization, leading to excessive memory reservation. Exploitation could disrupt critical systems relying on Zserio, particularly within the automotive sector where NDS is widely deployed.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious NDS data payload.\u003c/li\u003e\n\u003cli\u003eThe payload includes a \u0026ldquo;varsize\u0026rdquo; field claiming an extremely large size (e.g., 2,147,483,647 bytes).\u003c/li\u003e\n\u003cli\u003eThe vulnerable Zserio runtime attempts to deserialize the payload.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eArray.h\u003c/code\u003e or \u003ccode\u003eArray.java\u003c/code\u003e code calls \u003ccode\u003ereserve()\u003c/code\u003e or \u003ccode\u003ereset()\u003c/code\u003e with the attacker-controlled size.\u003c/li\u003e\n\u003cli\u003eThe system attempts to allocate a large block of memory (up to 16 GB), based on the attacker-specified size.\u003c/li\u003e\n\u003cli\u003eMemory allocation fails, or consumes excessive resources.\u003c/li\u003e\n\u003cli\u003eThe application crashes due to an out-of-memory (OOM) error.\u003c/li\u003e\n\u003cli\u003eThe denial-of-service condition prevents the application from functioning correctly.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe vulnerability affects applications utilizing the Zserio serialization framework, including the Navigation Data Standard (NDS) used by 43 member companies, including Toyota, BMW, Volkswagen, and Mercedes-Benz. Successful exploitation can lead to a denial-of-service (DoS) condition, potentially impacting millions of cars on the road that rely on NDS for map updates and navigation data. Attack vectors include NDS.Live cloud map updates, map data supply chain compromise, and backend data processing pipelines. On 32-bit automotive ECUs, this could affect ADAS functionality. A 4-byte payload can trigger the allocation of 762MB of memory, and a 5-byte payload triggers an allocation of 16GB, leading to a system crash.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch available in Zserio version 2.18.1 to remediate the vulnerability (\u003ca href=\"https://github.com/ndsev/zserio/releases/tag/v2.18.1\"\u003ehttps://github.com/ndsev/zserio/releases/tag/v2.18.1\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eImplement input validation to ensure that the declared size of data structures during deserialization does not exceed the remaining size of the input stream, as suggested in the advisory.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Zserio Large Memory Allocation\u003c/code\u003e to identify potential exploitation attempts in environments where Zserio is used.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-05-02T12:00:00Z","date_published":"2024-05-02T12:00:00Z","id":"/briefs/2024-05-zserio-oom/","summary":"A crafted payload can force memory allocations of up to 16 GB, leading to a denial-of-service condition in applications using the Zserio serialization framework, including those within the automotive Navigation Data Standard (NDS).","title":"Zserio Runtime Unbounded Memory Allocation Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-05-zserio-oom/"}],"language":"en","title":"CraftedSignal Threat Feed — Toyota","version":"https://jsonfeed.org/version/1.1"}