How severe is CVE-2023-32157?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2023-32157?

This is classified as CWE-122, which is a common weakness in software security.

CVE-2023-32157 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the bsa_server process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of an unprivileged user in a sandboxed process. . Was ZDI-CAN-20737.

Related Vulnerabilities

CVE-2024-37601

MEDIUM

CVSS:4.6(Medium)

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, ...

CWE-1222024

CVE-2024-43790

MEDIUM

CVSS:4.5(Medium)

Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen ...

CWE-1222024

CVE-2024-43802

MEDIUM

CVSS:4.5(Medium)

Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left ...

CWE-1222024

CVE-2025-47814

MEDIUM

CVSS:4.5(Medium)

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c.

CWE-1222025

CVE-2025-47815

MEDIUM

CVSS:4.5(Medium)

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c.

CWE-1222025

CVE-2024-10253

MEDIUM

CVSS:4.7(Medium)

A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.

CWE-1222024