Lucene search

[email protected]CVE-2023-29073

HistoryNov 23, 2023 - 3:15 a.m.

CVE-2023-29073

2023-11-2303:15:41

CWE-787

CWE-122

[email protected]

web.nvd.nist.gov

autodesk

autocad

cve-2023-29073

buffer overflow

security vulnerability

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.1%

JSON

A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Affected configurations

NVD

Node

autodeskautocadRange<2024.1macos

autodeskautocadRange2023.0.0–2023.1.4

autodeskautocadRange2024.0.0–2024.1.1

autodeskautocad_advance_steelRange<2023.1.4

autodeskautocad_advance_steelRange2024.0.0–2024.1.1

autodeskautocad_architectureRange<2023.1.4

autodeskautocad_architectureRange2024.0.0–2024.1.1

autodeskautocad_civil_3dRange<2023.1.4

autodeskautocad_civil_3dRange2024.0.0–2024.1.1

autodeskautocad_electricalRange<2023.1.4

autodeskautocad_electricalRange2024.0.0–2024.1.1

autodeskautocad_ltRange<2023.1.4

autodeskautocad_ltRange<2024.1macos

autodeskautocad_ltRange2024.0.0–2024.1.1

autodeskautocad_map_3dRange<2023.1.4

autodeskautocad_map_3dRange2024.0.0–2024.1.1

autodeskautocad_mechanicalRange<2023.1.4

autodeskautocad_mechanicalRange2024.0.0–2024.1.1

autodeskautocad_mepRange<2023.1.4

autodeskautocad_mepRange2024.0.0–2024.1.1

autodeskautocad_plant_3dRange<2023.1.4

autodeskautocad_plant_3dRange2024.0.0–2024.1.1

CPENameOperatorVersion
autodesk:autocadautodesk autocadlt2024.1
autodesk:autocadautodesk autocadlt2023.1.4
autodesk:autocadautodesk autocadlt2024.1.1
autodesk:autocad_advance_steelautodesk autocad advance steellt2023.1.4
autodesk:autocad_advance_steelautodesk autocad advance steellt2024.1.1
autodesk:autocad_architectureautodesk autocad architecturelt2023.1.4
autodesk:autocad_architectureautodesk autocad architecturelt2024.1.1
autodesk:autocad_civil_3dautodesk autocad civil 3dlt2023.1.4
autodesk:autocad_civil_3dautodesk autocad civil 3dlt2024.1.1
autodesk:autocad_electricalautodesk autocad electricallt2023.1.4

CPE	Name	Operator	Version
autodesk:autocad	autodesk autocad	lt	2024.1
autodesk:autocad	autodesk autocad	lt	2023.1.4
autodesk:autocad	autodesk autocad	lt	2024.1.1
autodesk:autocad_advance_steel	autodesk autocad advance steel	lt	2023.1.4
autodesk:autocad_advance_steel	autodesk autocad advance steel	lt	2024.1.1
autodesk:autocad_architecture	autodesk autocad architecture	lt	2023.1.4
autodesk:autocad_architecture	autodesk autocad architecture	lt	2024.1.1
autodesk:autocad_civil_3d	autodesk autocad civil 3d	lt	2023.1.4
autodesk:autocad_civil_3d	autodesk autocad civil 3d	lt	2024.1.1
autodesk:autocad_electrical	autodesk autocad electrical	lt	2023.1.4

Rows per page:

1-10 of 221

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "AutoCAD, Advance Steel and Civil 3D",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2024, 2023"
      }
    ]
  }
]