Vulnerabilites related to Open Design Alliance - ODA Drawings SDK - All Versions < 2024.12
cve-2023-5180
Vulnerability from cvelistv5
Published
2023-12-26 08:35
Modified
2024-08-02 07:52
Severity ?
EPSS score ?
Summary
An issue was discovered in Open Design Alliance
Drawings SDK before 2024.12. A corrupted value of number
of sectors used by the Fat structure in a crafted DGN file leads to an
out-of-bounds write. An attacker can leverage this vulnerability to execute
code in the context of the current process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.opendesign.com/security-advisories | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Open Design Alliance | ODA Drawings SDK - All Versions < 2024.12 |
Version: 0 < 2024.12 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:52:07.647Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.opendesign.com/security-advisories", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "ODA Drawings SDK - All Versions < 2024.12", vendor: "Open Design Alliance", versions: [ { lessThan: "2024.12", status: "affected", version: "0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Seyit Sığırcı", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An issue was discovered in Open Design Alliance\nDrawings SDK before 2024.12. A corrupted value of number\nof sectors used by the Fat structure in a crafted DGN file leads to an\nout-of-bounds write. An attacker can leverage this vulnerability to execute\ncode in the context of the current process.", }, ], value: "An issue was discovered in Open Design Alliance\nDrawings SDK before 2024.12. A corrupted value of number\nof sectors used by the Fat structure in a crafted DGN file leads to an\nout-of-bounds write. An attacker can leverage this vulnerability to execute\ncode in the context of the current process.", }, ], impacts: [ { capecId: "CAPEC-123", descriptions: [ { lang: "en", value: "CAPEC-123 Buffer Manipulation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "To exploit vulnerability, malicious DGN file should be read by ODA Drawings SDK.", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-26T08:35:40.093Z", orgId: "8a9629cb-c5e7-4d2a-a894-111e8039b7ea", shortName: "ODA", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.opendesign.com/security-advisories", }, ], source: { discovery: "UNKNOWN", }, title: "Out-of-bounds Write vulnerability exists in ODA Drawings SDK before 2024.12", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "8a9629cb-c5e7-4d2a-a894-111e8039b7ea", assignerShortName: "ODA", cveId: "CVE-2023-5180", datePublished: "2023-12-26T08:35:37.619Z", dateReserved: "2023-09-25T17:08:17.255Z", dateUpdated: "2024-08-02T07:52:07.647Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }