Lucene search

ODACVELIST:CVE-2023-5180

HistoryDec 26, 2023 - 8:35 a.m.

CVE-2023-5180 Out-of-bounds Write vulnerability exists in ODA Drawings SDK before 2024.12

2023-12-2608:35:37

CWE-787

ODA

www.cve.org

cve-2023-5180

out-of-bounds write

oda drawings sdk

open design alliance

dgn file

code execution

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

21.5%

JSON

An issue was discovered in Open Design Alliance
Drawings SDK before 2024.12. A corrupted value of number
of sectors used by the Fat structure in a crafted DGN file leads to an
out-of-bounds write. An attacker can leverage this vulnerability to execute
code in the context of the current process.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ODA Drawings SDK - All Versions < 2024.12",
    "vendor": "Open Design Alliance",
    "versions": [
      {
        "lessThan": "2024.12",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.opendesign.com/security-advisories

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

21.5%

JSON

Related for CVELIST:CVE-2023-5180