Lucene search

ODACVE-2023-5180

HistoryDec 26, 2023 - 9:15 a.m.

CVE-2023-5180

2023-12-2609:15:07

CWE-787

ODA

web.nvd.nist.gov

cve-2023-5180

open design alliance

drawings sdk

nvd

security

vulnerability

code execution

dgn file

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

21.5%

JSON

An issue was discovered in Open Design Alliance
Drawings SDK before 2024.12. A corrupted value of number
of sectors used by the Fat structure in a crafted DGN file leads to an
out-of-bounds write. An attacker can leverage this vulnerability to execute
code in the context of the current process.

Affected configurations

Nvd

Node

opendesigndrawings_sdkRange<2024.12

VendorProductVersionCPE
opendesigndrawings_sdk*cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opendesign	drawings_sdk	*	cpe:2.3:a:opendesign:drawings_sdk::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ODA Drawings SDK - All Versions < 2024.12",
    "vendor": "Open Design Alliance",
    "versions": [
      {
        "lessThan": "2024.12",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.opendesign.com/security-advisories

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

21.5%

JSON

Related for CVE-2023-5180